A local copy of OpenSSL from GitHub


Windows: Call TerminateProcess, not ExitProcess

Ty Baen-Price explains:

> Problem and Resolution:
> The following lines of code make use of the Microsoft API ExitProcess:
>
> ```
> Apps\Speed.c line 335: ExitProcess(ret);
> Ms\uplink.c line 22: ExitProcess(1);
> ```
>
> These function calls are made after fatal errors are detected and
> program termination is desired. ExitProcess(), however, causes
> _orderly_ shutdown of a process and all its threads, i.e. it unloads
> all dlls and runs all destructors. See MSDN for details of exactly
> what happens
> (https://msdn.microsoft.com/en-us/library/windows/desktop/ms682658(v=vs.85).aspx).
> The MSDN page states that ExitProcess should never be called unless
> it is _known to be safe_ to call it. These calls should simply be
> replaced with calls to TerminateProcess(), which is what should be
> called for _disorderly_ shutdown.
>
> An example of usage:
>
> ```
> TerminateProcess(GetCurrentProcess(), exitcode);
> ```
>
> Effect of Problem:
> Because of a compilation error (wrong c++ runtime), my program
> executed the uplink.c ExitProcess() call. This caused the single
> OpenSSL thread to start executing the destructors of all my dlls,
> and their objects. Unfortunately, about 30 other threads were
> happily using those objects at that time, eventually causing a
> 0xC0000005 ACCESS_VIOLATION. Obviously an ACCESS_VIOLATION is the
> best case scenario, as I'm sure you can imagine the consequences
> of undiscovered memory corruption, even in a terminating process.

And on the subject of `TerminateProcess()` being asynchronous:

> That is technically true, but I think it's probably synchronous
> "enough" for your purposes, since a call to TerminateProcess
> suspends execution of all threads in the target process. This means
> it's really only asynchronous if you're calling TerminateProcess on
> some _other_ process. If you're calling TerminateProcess on your own
> process, you'll never return from the TerminateProcess call.
Fixes #2489 Was originally RT-4526 Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8301)
4 years ago
  1. /*
  2. * Copyright 2004-2021 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the Apache License 2.0 (the "License"). You may not use
  5. * this file except in compliance with the License. You can obtain a copy
  6. * in the file LICENSE in the source distribution or at
  7. * https://www.openssl.org/source/license.html
  8. */
  /*
   * Normalise the two "wide character" build switches before any Windows
   * header is included: UNICODE is forced on for _WIN64 and _WIN32_WCE
   * builds, and after that UNICODE and _UNICODE are made to agree, so that
   * <windows.h> and <tchar.h> below see the same character width.
   */
  9. #if (defined(_WIN64) || defined(_WIN32_WCE)) && !defined(UNICODE)
  10. # define UNICODE
  11. #endif
  12. #if defined(UNICODE) && !defined(_UNICODE)
  13. # define _UNICODE
  14. #endif
  15. #if defined(_UNICODE) && !defined(UNICODE)
  16. # define UNICODE
  17. #endif
  18. #include <windows.h>
  19. #include <tchar.h>
  20. #include <stdio.h>
  21. #include "uplink.h"
  /* Fatal-error reporter; declared here, defined outside this file. */
  22. void OPENSSL_showfatal(const char *, ...);
  /*
   * Shared buffer for the fatal-error text (128 TCHARs). OPENSSL_Uplink()
   * writes it and unimplemented() reads it; no lock protects it.
   */
  23. static TCHAR msg[128];
  /*
   * Default target for every uplink slot that could not be bound: reports the
   * text left in |msg| through OPENSSL_showfatal() and then kills the process
   * with exit code 1.
   *
   * TerminateProcess() is used so that the process is torn down without
   * unloading DLLs or running destructors while other threads may still be
   * using them.
   */
  static void unimplemented(void)
  {
      /*
       * |msg| is a TCHAR string: "%s" when TCHAR is char, "%S" when it is
       * wide. sizeof() is a compile-time constant, so only one branch is
       * ever taken.
       */
      if (sizeof(TCHAR) == sizeof(char))
          OPENSSL_showfatal("%s\n", msg);
      else
          OPENSSL_showfatal("%S\n", msg);

      TerminateProcess(GetCurrentProcess(), 1);
  }
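  /*
   * OPENSSL_Uplink - bind slot |index| of the uplink table on first use.
   *
   * table: uplink table whose slot |index| is to be (re)written.
   * index: slot number. Slot 0 of the application's table holds the entry
   *        count, so callable slots start at 1.
   *
   * The host executable (GetModuleHandle(NULL)) is asked for its exported
   * OPENSSL_Applink function, which returns the application's table. If the
   * application provides a non-NULL entry for |index|, that entry is stored
   * in table[index]; otherwise the slot is bound to unimplemented(), which
   * reports the message prepared here and terminates the process.
   *
   * An |index| below 1 cannot name a slot. It is treated as a fatal error
   * immediately instead of being used as an array subscript.
   */
  void OPENSSL_Uplink(volatile void **table, int index)
  {
      static HMODULE volatile apphandle = NULL;
      static void **volatile applinktable = NULL;
      /* Capacity of |msg| in TCHARs. */
      const int msg_cap = (int)(sizeof(msg) / sizeof(msg[0]));
      /* Room needed for the longest suffix below, terminator included. */
      const int tail_room = (int)sizeof("unimplemented function");
      int len;
      void (*func) (void) = unimplemented;
      HANDLE h;
      void **p;

      /*
       * Note that the code below is not MT-safe with respect to the msg
       * buffer: concurrent callers can leave a misleading or corrupted error
       * message. The error condition is fatal and should never arise, so the
       * original author accepted that risk.
       */
      /*
       * The static variables and table[] are updated with plain stores rather
       * than InterlockedExchangePointer: the assigned values are effectively
       * constant, and the volatile qualifier is relied on to keep the
       * compiler from reordering the memory accesses.
       */

      len = _sntprintf(msg, (size_t)msg_cap,
                       _T("OPENSSL_Uplink(%p,%02X): "), table, index);
      /*
       * _sntprintf can return a negative value (or a count that leaves no
       * room for the suffix) and then does not terminate the buffer. Never
       * use such a value as an offset into msg: drop the prefix instead.
       */
      if (len < 0 || len > msg_cap - tail_room)
          len = 0;
      _tcscpy(msg + len, _T("unimplemented function"));

      if (index < 1) {
          /*
           * Neither p[index] nor table[index] is a valid slot; report and
           * terminate rather than read or write outside the tables.
           */
          _tcscpy(msg + len, _T("invalid index"));
          unimplemented();
          return;                 /* not reached: unimplemented() terminates */
      }

      do {
          if ((h = apphandle) == NULL) {
              if ((h = GetModuleHandle(NULL)) == NULL) {
                  /* (HMODULE)-1 marks "lookup already failed". */
                  apphandle = (HMODULE) - 1;
                  _tcscpy(msg + len, _T("no host application"));
                  break;
              }
              apphandle = h;
          }
          if ((h = apphandle) == (HMODULE) - 1) /* revalidate */
              break;
          if (applinktable == NULL) {
              void **(*applink) ();

              applink = (void **(*)())GetProcAddress(h, "OPENSSL_Applink");
              if (applink == NULL) {
                  apphandle = (HMODULE) - 1;
                  _tcscpy(msg + len, _T("no OPENSSL_Applink"));
                  break;
              }
              p = (*applink) ();
              if (p == NULL) {
                  apphandle = (HMODULE) - 1;
                  _tcscpy(msg + len, _T("no ApplinkTable"));
                  break;
              }
              applinktable = p;
          } else
              p = applinktable;

          /*
           * p[0] carries the number of entries the application provides.
           * Convert through INT_PTR so that the pointer-to-int narrowing is
           * explicit on 64-bit builds.
           */
          if (index > (int)(INT_PTR)p[0])
              break;
          if (p[index])
              func = p[index];
      } while (0);

      /* Patch the slot so later calls go straight to |func|. */
      table[index] = func;
  }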
  /*
   * 32-bit x86 builds with MSVC or Borland/C++Builder: the lazy-binding stubs
   * and the uplink table are generated here in C with inline assembly.
   */
  89. #if (defined(_MSC_VER) || defined(__BORLANDC__)) && defined(_M_IX86)
  90. # if defined(_MSC_VER)
  /*
   * LAZY(i) defines the naked stub lazy<i>: it pushes the slot number and the
   * table address, calls OPENSSL_Uplink(table, i), discards the two pushed
   * arguments (add esp,8) and then jumps through slot i of the table, which
   * OPENSSL_Uplink has just overwritten (table[index] = func).
   */
  91. # define LAZY(i) \
  92. __declspec(naked) static void lazy##i (void) { \
  93. _asm push i \
  94. _asm push OFFSET OPENSSL_UplinkTable \
  95. _asm call OPENSSL_Uplink \
  96. _asm add esp,8 \
  97. _asm jmp OPENSSL_UplinkTable+4*i }
  98. # elif defined(__BORLANDC__) && defined(__clang__)
  /*
   * Same stub for the clang-based Borland compiler, written as extended asm
   * in AT&T syntax. The forward declaration must have the same 26 slots as
   * the definition further down (count slot + 25 stubs).
   */
  99. void *OPENSSL_UplinkTable[26]; /* C++Builder requires declaration before use */
  100. # define LAZY(i) \
  101. __declspec(naked) static void lazy##i (void) { \
  102. __asm__("pushl $" #i "; " \
  103. "pushl %0; " \
  104. "call %P1; " \
  105. "addl $8, %%esp; " \
  106. "jmp *%2 " \
  107. : /* no outputs */ \
  108. : "i" (OPENSSL_UplinkTable), \
  109. "i" (OPENSSL_Uplink), \
  110. "m" (OPENSSL_UplinkTable[i])); }
  111. # endif
  /* Only 25 stubs are instantiated below; refuse to build if more are needed. */
  112. # if APPLINK_MAX>25
  113. # error "Add more stubs..."
  114. # endif
  115. /* make some in advance... */
  116. LAZY(1) LAZY(2) LAZY(3) LAZY(4) LAZY(5)
  117. LAZY(6) LAZY(7) LAZY(8) LAZY(9) LAZY(10)
  118. LAZY(11) LAZY(12) LAZY(13) LAZY(14) LAZY(15)
  119. LAZY(16) LAZY(17) LAZY(18) LAZY(19) LAZY(20)
  120. LAZY(21) LAZY(22) LAZY(23) LAZY(24) LAZY(25)
  /*
   * Slot 0 holds APPLINK_MAX; slots 1..25 start out pointing at their lazy
   * stub and are rewritten by OPENSSL_Uplink() on first call.
   * NOTE(review): the table therefore has to stay writable, and every slot is
   * an indirect-jump target, so its integrity matters for control flow.
   */
  121. void *OPENSSL_UplinkTable[] = {
  122. (void *)APPLINK_MAX,
  123. lazy1, lazy2, lazy3, lazy4, lazy5,
  124. lazy6, lazy7, lazy8, lazy9, lazy10,
  125. lazy11, lazy12, lazy13, lazy14, lazy15,
  126. lazy16, lazy17, lazy18, lazy19, lazy20,
  127. lazy21, lazy22, lazy23, lazy24, lazy25,
  128. };
  129. #endif
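  #ifdef SELFTEST
  /*
   * Self-test entry point, compiled only when SELFTEST is defined: prints a
   * greeting with UP_fprintf on UP_stdout. Neither name is defined in this
   * file; presumably they come from the included headers - confirm.
   *
   * Declared as int main(void) with an explicit return: implicit int has not
   * been valid C since C99.
   */
  int main(void)
  {
      UP_fprintf(UP_stdout, "hello, world!\n");
      return 0;
  }
  #endif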