From e58d75f0673cb7465d4b94dfcd3e8ea2e1abdad9 Mon Sep 17 00:00:00 2001
From: Sverker Eriksson <sverker@erlang.org>
Date: Mon, 8 Sep 2014 12:12:56 +0200
Subject: crypto: Verify OpenSSL library major version at load

to prevent strange memory corruption crashes due to
mismatch between header and library versions.
---
 lib/crypto/c_src/crypto.c | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)

(limited to 'lib/crypto')

diff --git a/lib/crypto/c_src/crypto.c b/lib/crypto/c_src/crypto.c
index e55a03d26a..e7215eeb64 100644
--- a/lib/crypto/c_src/crypto.c
+++ b/lib/crypto/c_src/crypto.c
@@ -462,9 +462,11 @@ static void hmac_context_dtor(ErlNifEnv* env, struct hmac_context*);
 /*
 #define PRINTF_ERR0(FMT) enif_fprintf(stderr, FMT "\n")
 #define PRINTF_ERR1(FMT, A1) enif_fprintf(stderr, FMT "\n", A1)
+#define PRINTF_ERR2(FMT, A1, A2) enif_fprintf(stderr, FMT "\n", A1, A2)
 */
 #define PRINTF_ERR0(FMT)
 #define PRINTF_ERR1(FMT,A1)
+#define PRINTF_ERR2(FMT,A1,A2)
 
 #ifdef __OSE__
 
@@ -506,6 +508,23 @@ static int init_ose_crypto() {
 #define CHECK_OSE_CRYPTO()
 #endif
 
+
+static int verify_lib_version(void)
+{
+    const unsigned long libv = SSLeay();
+    const unsigned long hdrv = OPENSSL_VERSION_NUMBER;
+
+#   define MAJOR_VER(V) ((unsigned long)(V) >> (7*4))
+
+    if (MAJOR_VER(libv) != MAJOR_VER(hdrv)) {
+	PRINTF_ERR2("CRYPTO: INCOMPATIBLE SSL VERSION"
+		    " lib=%lx header=%lx\n", libv, hdrv);
+	return 0;
+    }
+    return 1;
+}
+
+
 #ifdef HAVE_DYNAMIC_CRYPTO_LIB
 
 # if defined(DEBUG)
@@ -554,6 +573,9 @@ static int init(ErlNifEnv* env, ERL_NIF_TERM load_info)
     if (!INIT_OSE_CRYPTO())
       return 0;
 
+    if (!verify_lib_version())
+	return 0;
+
     /* load_info: {301, <<"/full/path/of/this/library">>} */
     if (!enif_get_tuple(env, load_info, &tpl_arity, &tpl_array)
 	|| tpl_arity != 2
-- 
cgit v1.2.3