fix(user/module): read openssl version 3+ #661
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
openssl 3+(尚未排查出是哪个 commit 导致)不再把版本号放入 libssl.so 的 .rodata 段中,导致自动检测失败从而回落到 openssl 3.0.0。 幸运的是 libcrypto.so 的 .rodata 段中有期望的版本号字符串且 libssl.so 链接到 libcrypto.so,自动获取 libssl 路径时从 libcrypto.so 读取是一个低成本的解决方案。 debian 的 libssl3 包 与 fedora 的 openssl-libs 包会把 libcrypto.so 和 libssl.so 打包在一起,没有查看 alpine 这类更小的发行版是否发生拆分。只能乐观地假设 libssl.so 存在但 libcrypto.so 不存在是不可接受的(环境损坏)。 fix: `https://github.com/gojue/ecapture/issues/609` or gojue#609
|
我需要提供什么额外的说明吗? |
|
尽量解析openssl 3.x so文件内的版本号,实现精确匹配吧。 |
我用 cutter 看过字符串, libssl.so dynstr 段里只有多个 0 结尾且不能精确表达版本信息的版本号,而且这样版本号不能匹配 openssl 3.2.3 和 openssl 3.3.2。 |
|
能否尝试找其他特征? 当前PR的修复方式,很不准确,我不赞成这个方格式。 |
|
抱歉,我目前只能想到这种依赖 libcrypto.so 但是相对更精确的方式。除非可以从没有调试信息的 libssl.so 搜索各种偏移 |
|
嗯,晚点我看看吧。 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
openssl 3+(尚未排查出是哪个 commit 导致)不再把版本号放入 libssl.so 的 .rodata 段中,导致自动检测失败从而回落到 openssl 3.0.0。 幸运的是 libcrypto.so 的 .rodata 段中有期望的版本号字符串且 libssl.so 链接到 libcrypto.so,自动获取 libssl 路径时从 libcrypto.so 读取是一个低成本的解决方案。 debian 的 libssl3 包 与 fedora 的 openssl-libs 包会把 libcrypto.so 和 libssl.so 打包在一起,没有查看 alpine 这类更小的发行版是否发生拆分。只能乐观地假设 libssl.so 存在但 libcrypto.so 不存在是不可接受的(环境损坏)。
fix:
https://github.com/gojue/ecapture/issues/609or #609