Avoid valgrind warnings in mod_ssl random number generator

We intentionally add uninitialized stack memory. To avoid warnings,
make valgrind believe that the memory is defined.

Add configure option to enable valgrind support

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1442307 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/CHANGES b/CHANGES
index 96339c80d221b83610c26b85c8ae6d18b56803bc..f1375a7d0b339d19f43a8e3d12c18e5e8efd7eaa 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,9 @@
                                                          -*- coding: utf-8 -*-
 Changes with Apache 2.5.0
 
+  *) core: Add option to add valgrind suport. Use it to reduce false positive
+     warnings in mod_ssl. [Stefan Fritsch]
+
   *) mod_lua: Add bindings for apr_dbd/mod_dbd database access
      [Daniel Gruno]
 

diff --git a/configure.in b/configure.in
index 7e62596fcd4dd171125b87753f4399d34d399e7c..6e86cfee0f3c933ee7ba558f03dba77eb106671b 100644 (file)
--- a/configure.in
+++ b/configure.in
@@ -659,6 +659,22 @@ fi
 APACHE_SUBST(PICFLAGS)
 APACHE_SUBST(PILDFLAGS)
 
+AC_ARG_WITH(valgrind,
+  [  --with-valgrind[[=DIR]]   Enable code to reduce valgrind false positives
+                          (optionally: set path to valgrind headers) ],
+  [ if test "$withval" != no; then
+      if test "$withval" = yes; then
+        withval=/usr/include/valgrind
+      fi
+      APR_ADDTO(CPPFLAGS, -I$withval)
+      AC_CHECK_HEADERS(valgrind.h memcheck.h)
+      APR_IFALLYES(header:valgrind.h header:memcheck.h,
+        [AC_DEFINE(HAVE_VALGRIND, 1, [Compile in valgrind support]) ],
+        [AC_MSG_ERROR(valgrind headers not found) ]
+      )
+    fi ]
+)
+
 prefix="$orig_prefix"
 APACHE_ENABLE_MODULES
 

diff --git a/modules/ssl/mod_ssl.c b/modules/ssl/mod_ssl.c
index a6392d1d47f94ce29ef934b63c6cb139fc799cb6..8fbc2e6adaec03cb8a0b9054075132fce0596cde 100644 (file)
--- a/modules/ssl/mod_ssl.c
+++ b/modules/ssl/mod_ssl.c
@@ -32,6 +32,11 @@
 
 #include <assert.h>
 
+#if HAVE_VALGRIND
+#include <valgrind.h>
+int ssl_running_on_valgrind = 0;
+#endif
+
 /*
  *  the table of configuration directives we provide
  */
@@ -347,6 +352,11 @@ static int ssl_hook_pre_config(apr_pool_t *pconf,
                                apr_pool_t *plog,
                                apr_pool_t *ptemp)
 {
+
+#if HAVE_VALGRIND
+     ssl_running_on_valgrind = RUNNING_ON_VALGRIND;
+#endif
+
     /* We must register the library in full, to ensure our configuration
      * code can successfully test the SSL environment.
      */

diff --git a/modules/ssl/ssl_engine_rand.c b/modules/ssl/ssl_engine_rand.c
index df25d8fd639bbfda420da86480e8d14bfbec43f2..a5893e1561ee02f1bf786a2999e031b40c9ce154 100644 (file)
--- a/modules/ssl/ssl_engine_rand.c
+++ b/modules/ssl/ssl_engine_rand.c
@@ -29,6 +29,11 @@
 
 #include "ssl_private.h"
 
+#if HAVE_VALGRIND
+#include <valgrind.h>
+#include <memcheck.h>
+#endif
+
 /*  _________________________________________________________________
 **
 **  Support for better seeding of SSL library's RNG
@@ -113,6 +118,11 @@ int ssl_rand_seed(server_rec *s, apr_pool_t *p, ssl_rsctx_t nCtx, char *prefix)
                 /*
                  * seed in some current state of the run-time stack (128 bytes)
                  */
+#if HAVE_VALGRIND
+                if (ssl_running_on_valgrind) {
+                    VALGRIND_MAKE_MEM_DEFINED(stackdata, sizeof(stackdata));
+                }
+#endif
                 n = ssl_rand_choosenum(0, sizeof(stackdata)-128-1);
                 RAND_seed(stackdata+n, 128);
                 nDone += 128;

diff --git a/modules/ssl/ssl_private.h b/modules/ssl/ssl_private.h
index 3ff3014bba94163f03be6d944b4c44b326910d67..edcd1d80500d25b975052feb08dde9a74e721587 100644 (file)
--- a/modules/ssl/ssl_private.h
+++ b/modules/ssl/ssl_private.h
@@ -1024,6 +1024,10 @@ OCSP_RESPONSE *modssl_dispatch_ocsp_request(const apr_uri_t *uri,
                                             conn_rec *c, apr_pool_t *p);
 #endif
 
+#if HAVE_VALGRIND
+extern int ssl_running_on_valgrind;
+#endif
+
 #endif /* SSL_PRIVATE_H */
 /** @} */