rpms / postgresql

Clone
Source Code
GIT

Blame SOURCES/postgresql-libpq-crypto-no-callback-stomping-v2.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8-beta-stream-10 c8-beta-stream-12 c8-beta-stream-13 c8-beta-stream-15 c8-beta-stream-9.6 c8-stream-10 c8-stream-12 c8-stream-13 c8-stream-15 c8-stream-9.6 c8s-stream-10 c8s-stream-12 c8s-stream-13 c8s-stream-15 c8s-stream-9.6 c9 c9-beta c9-beta-stream-15 c9-stream-15
  1.   c7
  2.   SOURCES
  3.   postgresql-libpq-crypto-no-callback-stomping-v2.patch
Blob History Raw
fe8f92 
Do not attempt to manage OpenSSL locking callbacks in libpq
fe8f92
fe8f92 
A deadlock occurs when connecting to Postgresql using SSL with postgresql-libs in
fe8f92 
a multi-threaded environment with other threads performing SSL independently.
fe8f92
fe8f92 
This issue has been causing Module Build Service (https://pagure.io/fm-orchestrator)
fe8f92 
outages, which is deployed on RHEL 7.4 but with the latest postgresql-libs package installed.
fe8f92
fe8f92 
You can find a reproducer script and a more in-depth description of the issue here:
fe8f92 
https://postgrespro.com/list/thread-id/1861629
fe8f92
fe8f92 
The upstream patch that resolves this issue is here:
fe8f92 
https://commitfest.postgresql.org/4/140/
fe8f92
fe8f92 
RHBZ: #1755154
fe8f92
fe8f92 
diff -ur postgresql-9.2.24/src/interfaces/libpq/fe-secure.c postgresql-patch/src/interfaces/libpq/fe-secure.c
fe8f92 
--- postgresql-9.2.24/src/interfaces/libpq/fe-secure.c	2017-11-06 23:17:39.000000000 +0100
fe8f92 
+++ postgresql-patch/src/interfaces/libpq/fe-secure.c	2019-10-29 15:25:28.448918186 +0100
fe8f92 
@@ -941,9 +941,12 @@
fe8f92
fe8f92 
 		if (ssl_open_connections++ == 0)
fe8f92 
 		{
fe8f92 
-			/* These are only required for threaded libcrypto applications */
fe8f92 
-			CRYPTO_set_id_callback(pq_threadidcallback);
fe8f92 
-			CRYPTO_set_locking_callback(pq_lockingcallback);
fe8f92 
+			/* These are only required for threaded libcrypto applications, but
fe8f92 
+                        * make sure we don't stomp on them if they're already set. */
fe8f92 
+                       if (CRYPTO_get_id_callback() == NULL)
fe8f92 
+                               CRYPTO_set_id_callback(pq_threadidcallback);
fe8f92 
+                       if (CRYPTO_get_locking_callback() == NULL)
fe8f92 
+                               CRYPTO_set_locking_callback(pq_lockingcallback);
fe8f92 
 		}
fe8f92 
 	}
fe8f92 
 #endif   /* HAVE_CRYPTO_LOCK */
fe8f92 
@@ -997,10 +1000,13 @@
fe8f92
fe8f92 
 	if (pq_init_crypto_lib && ssl_open_connections == 0)
fe8f92 
 	{
fe8f92 
-		/* No connections left, unregister libcrypto callbacks */
fe8f92 
-		CRYPTO_set_locking_callback(NULL);
fe8f92 
-		CRYPTO_set_id_callback(NULL);
fe8f92
fe8f92 
+		/* No connections left, unregister libcrypto callbacks, if no one
fe8f92 
+                * registered different ones in the meantime. */
fe8f92 
+               if (CRYPTO_get_id_callback() == pq_threadidcallback)
fe8f92 
+                       CRYPTO_set_id_callback(NULL);
fe8f92 
+               if (CRYPTO_get_locking_callback() == pq_lockingcallback)
fe8f92 
+                       CRYPTO_set_locking_callback(NULL);
fe8f92 
 		/*
fe8f92 
 		 * We don't free the lock array. If we get another connection in
fe8f92 
 		 * this process, we will just re-use them with the existing mutexes.

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation