From e58d75f0673cb7465d4b94dfcd3e8ea2e1abdad9 Mon Sep 17 00:00:00 2001 From: Sverker Eriksson Date: Mon, 8 Sep 2014 12:12:56 +0200 Subject: crypto: Verify OpenSSL library major version at load to prevent strange memory corruption crashes due to mismatch between header and library versions. --- lib/crypto/c_src/crypto.c | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) (limited to 'lib/crypto/c_src/crypto.c') diff --git a/lib/crypto/c_src/crypto.c b/lib/crypto/c_src/crypto.c index e55a03d26a..e7215eeb64 100644 --- a/lib/crypto/c_src/crypto.c +++ b/lib/crypto/c_src/crypto.c @@ -462,9 +462,11 @@ static void hmac_context_dtor(ErlNifEnv* env, struct hmac_context*); /* #define PRINTF_ERR0(FMT) enif_fprintf(stderr, FMT "\n") #define PRINTF_ERR1(FMT, A1) enif_fprintf(stderr, FMT "\n", A1) +#define PRINTF_ERR2(FMT, A1, A2) enif_fprintf(stderr, FMT "\n", A1, A2) */ #define PRINTF_ERR0(FMT) #define PRINTF_ERR1(FMT,A1) +#define PRINTF_ERR2(FMT,A1,A2) #ifdef __OSE__ @@ -506,6 +508,23 @@ static int init_ose_crypto() { #define CHECK_OSE_CRYPTO() #endif + +static int verify_lib_version(void) +{ + const unsigned long libv = SSLeay(); + const unsigned long hdrv = OPENSSL_VERSION_NUMBER; + +# define MAJOR_VER(V) ((unsigned long)(V) >> (7*4)) + + if (MAJOR_VER(libv) != MAJOR_VER(hdrv)) { + PRINTF_ERR2("CRYPTO: INCOMPATIBLE SSL VERSION" + " lib=%lx header=%lx\n", libv, hdrv); + return 0; + } + return 1; +} + + #ifdef HAVE_DYNAMIC_CRYPTO_LIB # if defined(DEBUG) @@ -554,6 +573,9 @@ static int init(ErlNifEnv* env, ERL_NIF_TERM load_info) if (!INIT_OSE_CRYPTO()) return 0; + if (!verify_lib_version()) + return 0; + /* load_info: {301, <<"/full/path/of/this/library">>} */ if (!enif_get_tuple(env, load_info, &tpl_arity, &tpl_array) || tpl_arity != 2 -- cgit v1.2.3