From e5c1d346e29e5b1227ed30ee4d725a09eca0e532 Mon Sep 17 00:00:00 2001
From: Sverker Eriksson <sverker@erlang.org>
Date: Fri, 5 Oct 2012 11:52:52 +0200
Subject: crypto: Make unloading of crypto safer

Facts:
crypto nif-lib registers callback functions that openssl uses
for memory management and thread synchronization. The callback
functions can only be set once, openssl does not allow changing the
callback functions.

Problem:
If openssl is dynamicly linked to crypto, you might get s scenario
where the crypto lib is unloaded while leaving openssl loaded
with its old pointers to the unloaded crypto code intact.
If crypto is then reloaded (by init:restart() for example), the crypto
nif-lib might get relocated at a different address. crypto calls
openssl which in turn calls the old invalid callback functions...kaboom.

Solution:
Break apart the callback functions into a separate dynamic lib that
crypto loads with dlopen. When crypto is unloaded the callback lib is
left in place to be reused if/when crypto is loaded again.
---
 erts/emulator/beam/erl_nif.c                 | 38 ++++++++++++++++++++++++++++
 erts/emulator/beam/erl_nif_api_funcs.h       |  4 +++
 erts/emulator/beam/sys.h                     |  4 +--
 erts/emulator/sys/unix/erl_unix_sys_ddll.c   |  4 +--
 erts/emulator/sys/win32/erl_win32_sys_ddll.c |  4 +--
 5 files changed, 48 insertions(+), 6 deletions(-)

(limited to 'erts')

diff --git a/erts/emulator/beam/erl_nif.c b/erts/emulator/beam/erl_nif.c
index 0dca588847..632d756481 100644
--- a/erts/emulator/beam/erl_nif.c
+++ b/erts/emulator/beam/erl_nif.c
@@ -1396,6 +1396,44 @@ size_t enif_sizeof_resource(void* obj)
     return ERTS_MAGIC_BIN_DATA_SIZE(bin) - offsetof(ErlNifResource,data);
 }
 
+
+void* enif_dlopen(const char* lib,
+		  void (*err_handler)(void*,const char*), void* err_arg)
+{
+    ErtsSysDdllError errdesc = ERTS_SYS_DDLL_ERROR_INIT;
+    void* handle;
+    void* init_func;
+    if (erts_sys_ddll_open2(lib, &handle, &errdesc) == ERL_DE_NO_ERROR) {
+	if (erts_sys_ddll_load_nif_init(handle, &init_func, &errdesc) == ERL_DE_NO_ERROR) {
+	    erts_sys_ddll_call_nif_init(init_func);
+	}
+    }
+    else {
+	if (err_handler != NULL) {
+	    (*err_handler)(err_arg, errdesc.str);
+	}
+	handle = NULL;
+    }
+    erts_sys_ddll_free_error(&errdesc);
+    return handle;
+}
+
+void* enif_dlsym(void* handle, const char* symbol,
+		 void (*err_handler)(void*,const char*), void* err_arg)
+{
+    ErtsSysDdllError errdesc = ERTS_SYS_DDLL_ERROR_INIT;
+    void* ret;
+    if (erts_sys_ddll_sym2(handle, symbol, &ret, &errdesc) != ERL_DE_NO_ERROR) {
+	if (err_handler != NULL) {
+	    (*err_handler)(err_arg, errdesc.str);
+	}
+	erts_sys_ddll_free_error(&errdesc);
+	return NULL;
+    }
+    return ret;
+}
+
+
 /***************************************************************************
  **                              load_nif/2                               **
  ***************************************************************************/
diff --git a/erts/emulator/beam/erl_nif_api_funcs.h b/erts/emulator/beam/erl_nif_api_funcs.h
index 6396af09d0..51ff1eaa48 100644
--- a/erts/emulator/beam/erl_nif_api_funcs.h
+++ b/erts/emulator/beam/erl_nif_api_funcs.h
@@ -138,6 +138,8 @@ ERL_NIF_API_FUNC_DECL(ERL_NIF_TERM,enif_make_uint64,(ErlNifEnv*, ErlNifUInt64));
 ERL_NIF_API_FUNC_DECL(int,enif_is_exception,(ErlNifEnv*, ERL_NIF_TERM term));
 ERL_NIF_API_FUNC_DECL(int,enif_make_reverse_list,(ErlNifEnv*, ERL_NIF_TERM term, ERL_NIF_TERM *list));
 ERL_NIF_API_FUNC_DECL(int,enif_is_number,(ErlNifEnv*, ERL_NIF_TERM term));
+ERL_NIF_API_FUNC_DECL(void*,enif_dlopen,(const char* lib, void (*err_handler)(void*,const char*), void* err_arg));
+ERL_NIF_API_FUNC_DECL(void*,enif_dlsym,(void* handle, const char* symbol, void (*err_handler)(void*,const char*), void* err_arg));
 
 /*
 ** Add new entries here to keep compatibility on Windows!!!
@@ -260,6 +262,8 @@ ERL_NIF_API_FUNC_DECL(int,enif_is_number,(ErlNifEnv*, ERL_NIF_TERM term));
 #  define enif_is_exception ERL_NIF_API_FUNC_MACRO(enif_is_exception)
 #  define enif_make_reverse_list ERL_NIF_API_FUNC_MACRO(enif_make_reverse_list)
 #  define enif_is_number ERL_NIF_API_FUNC_MACRO(enif_is_number)
+#  define enif_dlopen ERL_NIF_API_FUNC_MACRO(enif_dlopen)
+#  define enif_dlsym ERL_NIF_API_FUNC_MACRO(enif_dlsym)
 
 /*
 ** Add new entries here
diff --git a/erts/emulator/beam/sys.h b/erts/emulator/beam/sys.h
index 0e6bec352e..743da4ca3a 100644
--- a/erts/emulator/beam/sys.h
+++ b/erts/emulator/beam/sys.h
@@ -618,7 +618,7 @@ typedef struct {
 #define ERTS_SYS_DDLL_ERROR_INIT {NULL}
 extern void erts_sys_ddll_free_error(ErtsSysDdllError*);
 extern void erl_sys_ddll_init(void); /* to initialize mutexes etc */
-extern int erts_sys_ddll_open2(char *path, void **handle, ErtsSysDdllError*);
+extern int erts_sys_ddll_open2(const char *path, void **handle, ErtsSysDdllError*);
 #define erts_sys_ddll_open(P,H) erts_sys_ddll_open2(P,H,NULL)
 extern int erts_sys_ddll_open_noext(char *path, void **handle, ErtsSysDdllError*);
 extern int erts_sys_ddll_load_driver_init(void *handle, void **function);
@@ -627,7 +627,7 @@ extern int erts_sys_ddll_close2(void *handle, ErtsSysDdllError*);
 #define erts_sys_ddll_close(H) erts_sys_ddll_close2(H,NULL)
 extern void *erts_sys_ddll_call_init(void *function);
 extern void *erts_sys_ddll_call_nif_init(void *function);
-extern int erts_sys_ddll_sym2(void *handle, char *name, void **function, ErtsSysDdllError*);
+extern int erts_sys_ddll_sym2(void *handle, const char *name, void **function, ErtsSysDdllError*);
 #define erts_sys_ddll_sym(H,N,F) erts_sys_ddll_sym2(H,N,F,NULL)
 extern char *erts_sys_ddll_error(int code);
 
diff --git a/erts/emulator/sys/unix/erl_unix_sys_ddll.c b/erts/emulator/sys/unix/erl_unix_sys_ddll.c
index 336d9586c4..a35aec560a 100644
--- a/erts/emulator/sys/unix/erl_unix_sys_ddll.c
+++ b/erts/emulator/sys/unix/erl_unix_sys_ddll.c
@@ -101,7 +101,7 @@ void erl_sys_ddll_init(void) {
 /* 
  * Open a shared object
  */
-int erts_sys_ddll_open2(char *full_name, void **handle, ErtsSysDdllError* err)
+int erts_sys_ddll_open2(const char *full_name, void **handle, ErtsSysDdllError* err)
 {
 #if defined(HAVE_DLOPEN)
     char* dlname; 
@@ -153,7 +153,7 @@ int erts_sys_ddll_open_noext(char *dlname, void **handle, ErtsSysDdllError* err)
 /* 
  * Find a symbol in the shared object
  */
-int erts_sys_ddll_sym2(void *handle, char *func_name, void **function,
+int erts_sys_ddll_sym2(void *handle, const char *func_name, void **function,
 		       ErtsSysDdllError* err)
 {
 #if defined(HAVE_DLOPEN)
diff --git a/erts/emulator/sys/win32/erl_win32_sys_ddll.c b/erts/emulator/sys/win32/erl_win32_sys_ddll.c
index d00eed932b..54991a610c 100644
--- a/erts/emulator/sys/win32/erl_win32_sys_ddll.c
+++ b/erts/emulator/sys/win32/erl_win32_sys_ddll.c
@@ -58,7 +58,7 @@ void erl_sys_ddll_init(void) {
 /* 
  * Open a shared object
  */
-int erts_sys_ddll_open2(char *full_name, void **handle, ErtsSysDdllError* err)
+int erts_sys_ddll_open2(const char *full_name, void **handle, ErtsSysDdllError* err)
 {
     int len;
     char dlname[MAXPATHLEN + 1];
@@ -92,7 +92,7 @@ int erts_sys_ddll_open_noext(char *dlname, void **handle, ErtsSysDdllError* err)
 /* 
  * Find a symbol in the shared object
  */
-int erts_sys_ddll_sym2(void *handle, char *func_name, void **function,
+int erts_sys_ddll_sym2(void *handle, const char *func_name, void **function,
 		       ErtsSysDdllError* err)
 {
     FARPROC proc;
-- 
cgit v1.2.3