Avoid valgrind warnings in mod_ssl random number generator

We intentionally add uninitialized stack memory. To avoid warnings, make valgrind believe that the memory is defined. Add configure option to enable valgrind support git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1442307 13f79535-47bb-0310-9956-ffa450edef68
2025-08-08 15:02:10 +03:00 · 2013-02-04 19:34:08 +00:00
parent 7db330784a
commit 8736e6a6d0
5 changed files with 43 additions and 0 deletions
--- a/3
+++ b/3
@@ -1,6 +1,9 @@
                                                         -*- coding: utf-8 -*-
 Changes with Apache 2.5.0

+  *) core: Add option to add valgrind suport. Use it to reduce false positive
+     warnings in mod_ssl. [Stefan Fritsch]
+
  *) mod_lua: Add bindings for apr_dbd/mod_dbd database access
     [Daniel Gruno]

--- a/configure.in
+++ b/configure.in
@@ -659,6 +659,22 @@ fi
 APACHE_SUBST(PICFLAGS)
 APACHE_SUBST(PILDFLAGS)

+AC_ARG_WITH(valgrind,
+  [  --with-valgrind[[=DIR]]   Enable code to reduce valgrind false positives
+                          (optionally: set path to valgrind headers) ],
+  [ if test "$withval" != no; then
+      if test "$withval" = yes; then
+        withval=/usr/include/valgrind
+      fi
+      APR_ADDTO(CPPFLAGS, -I$withval)
+      AC_CHECK_HEADERS(valgrind.h memcheck.h)
+      APR_IFALLYES(header:valgrind.h header:memcheck.h,
+        [AC_DEFINE(HAVE_VALGRIND, 1, [Compile in valgrind support]) ],
+        [AC_MSG_ERROR(valgrind headers not found) ]
+      )
+    fi ]
+)
+
 prefix="$orig_prefix"
 APACHE_ENABLE_MODULES

--- a/modules/ssl/mod_ssl.c
+++ b/modules/ssl/mod_ssl.c
@@ -32,6 +32,11 @@

 #include <assert.h>

+#if HAVE_VALGRIND
+#include <valgrind.h>
+int ssl_running_on_valgrind = 0;
+#endif
+
 /*
 *  the table of configuration directives we provide
 */
@@ -347,6 +352,11 @@ static int ssl_hook_pre_config(apr_pool_t *pconf,
                               apr_pool_t *plog,
                               apr_pool_t *ptemp)
 {
+
+#if HAVE_VALGRIND
+     ssl_running_on_valgrind = RUNNING_ON_VALGRIND;
+#endif
+
    /* We must register the library in full, to ensure our configuration
     * code can successfully test the SSL environment.
     */
--- a/modules/ssl/ssl_engine_rand.c
+++ b/modules/ssl/ssl_engine_rand.c
@@ -29,6 +29,11 @@

 #include "ssl_private.h"

+#if HAVE_VALGRIND
+#include <valgrind.h>
+#include <memcheck.h>
+#endif
+
 /*  _________________________________________________________________
 **
 **  Support for better seeding of SSL library's RNG
@@ -113,6 +118,11 @@ int ssl_rand_seed(server_rec *s, apr_pool_t *p, ssl_rsctx_t nCtx, char *prefix)
                /*
                 * seed in some current state of the run-time stack (128 bytes)
                 */
+#if HAVE_VALGRIND
+                if (ssl_running_on_valgrind) {
+                    VALGRIND_MAKE_MEM_DEFINED(stackdata, sizeof(stackdata));
+                }
+#endif
                n = ssl_rand_choosenum(0, sizeof(stackdata)-128-1);
                RAND_seed(stackdata+n, 128);
                nDone += 128;
--- a/modules/ssl/ssl_private.h
+++ b/modules/ssl/ssl_private.h
@@ -1024,6 +1024,10 @@ OCSP_RESPONSE *modssl_dispatch_ocsp_request(const apr_uri_t *uri,
                                            conn_rec *c, apr_pool_t *p);
 #endif

+#if HAVE_VALGRIND
+extern int ssl_running_on_valgrind;
+#endif
+
 #endif /* SSL_PRIVATE_H */
 /** @} */