From 8736e6a6d00beb60c6c7744e22e17c1ccb478e56 Mon Sep 17 00:00:00 2001 From: Stefan Fritsch Date: Mon, 4 Feb 2013 19:34:08 +0000 Subject: [PATCH] Avoid valgrind warnings in mod_ssl random number generator We intentionally add uninitialized stack memory. To avoid warnings, make valgrind believe that the memory is defined. Add configure option to enable valgrind support git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1442307 13f79535-47bb-0310-9956-ffa450edef68 --- CHANGES | 3 +++ configure.in | 16 ++++++++++++++++ modules/ssl/mod_ssl.c | 10 ++++++++++ modules/ssl/ssl_engine_rand.c | 10 ++++++++++ modules/ssl/ssl_private.h | 4 ++++ 5 files changed, 43 insertions(+) diff --git a/CHANGES b/CHANGES index 96339c80d2..f1375a7d0b 100644 --- a/CHANGES +++ b/CHANGES @@ -1,6 +1,9 @@ -*- coding: utf-8 -*- Changes with Apache 2.5.0 + *) core: Add option to add valgrind suport. Use it to reduce false positive + warnings in mod_ssl. [Stefan Fritsch] + *) mod_lua: Add bindings for apr_dbd/mod_dbd database access [Daniel Gruno] diff --git a/configure.in b/configure.in index 7e62596fcd..6e86cfee0f 100644 --- a/configure.in +++ b/configure.in @@ -659,6 +659,22 @@ fi APACHE_SUBST(PICFLAGS) APACHE_SUBST(PILDFLAGS) +AC_ARG_WITH(valgrind, + [ --with-valgrind[[=DIR]] Enable code to reduce valgrind false positives + (optionally: set path to valgrind headers) ], + [ if test "$withval" != no; then + if test "$withval" = yes; then + withval=/usr/include/valgrind + fi + APR_ADDTO(CPPFLAGS, -I$withval) + AC_CHECK_HEADERS(valgrind.h memcheck.h) + APR_IFALLYES(header:valgrind.h header:memcheck.h, + [AC_DEFINE(HAVE_VALGRIND, 1, [Compile in valgrind support]) ], + [AC_MSG_ERROR(valgrind headers not found) ] + ) + fi ] +) + prefix="$orig_prefix" APACHE_ENABLE_MODULES diff --git a/modules/ssl/mod_ssl.c b/modules/ssl/mod_ssl.c index a6392d1d47..8fbc2e6ada 100644 --- a/modules/ssl/mod_ssl.c +++ b/modules/ssl/mod_ssl.c @@ -32,6 +32,11 @@ #include +#if HAVE_VALGRIND +#include +int ssl_running_on_valgrind = 0; +#endif + /* * the table of configuration directives we provide */ @@ -347,6 +352,11 @@ static int ssl_hook_pre_config(apr_pool_t *pconf, apr_pool_t *plog, apr_pool_t *ptemp) { + +#if HAVE_VALGRIND + ssl_running_on_valgrind = RUNNING_ON_VALGRIND; +#endif + /* We must register the library in full, to ensure our configuration * code can successfully test the SSL environment. */ diff --git a/modules/ssl/ssl_engine_rand.c b/modules/ssl/ssl_engine_rand.c index df25d8fd63..a5893e1561 100644 --- a/modules/ssl/ssl_engine_rand.c +++ b/modules/ssl/ssl_engine_rand.c @@ -29,6 +29,11 @@ #include "ssl_private.h" +#if HAVE_VALGRIND +#include +#include +#endif + /* _________________________________________________________________ ** ** Support for better seeding of SSL library's RNG @@ -113,6 +118,11 @@ int ssl_rand_seed(server_rec *s, apr_pool_t *p, ssl_rsctx_t nCtx, char *prefix) /* * seed in some current state of the run-time stack (128 bytes) */ +#if HAVE_VALGRIND + if (ssl_running_on_valgrind) { + VALGRIND_MAKE_MEM_DEFINED(stackdata, sizeof(stackdata)); + } +#endif n = ssl_rand_choosenum(0, sizeof(stackdata)-128-1); RAND_seed(stackdata+n, 128); nDone += 128; diff --git a/modules/ssl/ssl_private.h b/modules/ssl/ssl_private.h index 3ff3014bba..edcd1d8050 100644 --- a/modules/ssl/ssl_private.h +++ b/modules/ssl/ssl_private.h @@ -1024,6 +1024,10 @@ OCSP_RESPONSE *modssl_dispatch_ocsp_request(const apr_uri_t *uri, conn_rec *c, apr_pool_t *p); #endif +#if HAVE_VALGRIND +extern int ssl_running_on_valgrind; +#endif + #endif /* SSL_PRIVATE_H */ /** @} */ -- 2.40.0