Date: Tue, 23 Nov 2004 19:59:23 +0100 From: Wiktor Niesiobedzki <bsd@w.evip.pl> To: Giorgos Keramidas <keramida@linux.gr> Cc: current@freebsd.org Subject: Re: Putty or libcrypto bug? Message-ID: <20041123185923.GH3584@mail.evip.pl> In-Reply-To: <20041123183930.GA56352@orion.daedalusnetworks.priv> References: <20041123171951.GG3584@mail.evip.pl> <20041123183930.GA56352@orion.daedalusnetworks.priv>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, Nov 23, 2004 at 08:39:30PM +0200, Giorgos Keramidas wrote: > On 2004-11-23 18:19, Wiktor Niesiobedzki <bsd@w.evip.pl> wrote: > > w@portal:~$ gdb =putty putty.core [...] > > As we may see, putty defines sk_new function and function of the same name > > exists in libcrypto (in /usr/src/crypto/openssl/crypto/stack/stack.c). > > Good catch :-) > > This is a Bad Idea(TM) most of the time though. The library > implements a function that other programs or libraries may depend upon > to work in certain ways. Replacing the library function with a > hand-rolled version may or may not work -- the latter in this case :-/ But nobody wants to replace this function, look: this function is 6 libraries away from the main program, i.e.: putty is linked to libglib12 and libc, from libc we load /usr/local/lib/nss_ldap, then libldap, then libssl and finally libcrypto... Should'nt libc load nss_ldap with kind of RTLD_LOCAL, so the libc will load libldap in another symbol-space so symbol lookups will not end in main program (if it is at all possible... I'm not familiar with dynamic linking)? If not, then it is the fact, that programmer of any program should aviod duplicating function names across every library that may eventually be installed and somehow linked to this programm, what sounds rather ridiculous to me. > > > And now my question: should the putty change the function name (what > > sound wired) or there should be done some magic in libcrypto, so > > such situations would not happen (what sounds tricky)? > > PuTTY can change the name of a function internal to the application a > lot easier than a library. Changing the library affects all the > programs linked to it, which is bound to be a lot more painful than > changing putty. But it will not resolve similiar problems in future... Cheers, Wiktor Niesiobedzki
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20041123185923.GH3584>