[openssl-commits] [openssl] OpenSSL_1_1_0-stable update

Richard Levitte levitte at openssl.org
Tue Jan 24 14:06:54 UTC 2017


The branch OpenSSL_1_1_0-stable has been updated
       via  cee0cdbc618d89f6e9eb14c360be8230b8397095 (commit)
      from  b81aadde0c7d35038aec89c5350512d7d2914cdb (commit)


- Log -----------------------------------------------------------------
commit cee0cdbc618d89f6e9eb14c360be8230b8397095
Author: Bernd Edlinger <bernd.edlinger at hotmail.de>
Date:   Thu Dec 22 20:17:29 2016 +0100

    Fix a ssl session leak due to OOM in lh_SSL_SESSION_insert
    
    - s == NULL can mean c is a new session *or* lh_insert was
      unable to create a hash entry.
    - use lh_SSL_SESSION_retrieve to check for this error condition.
    - If it happens simply remove the extra reference again.
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    Reviewed-by: Richard Levitte <levitte at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/2138)
    (cherry picked from commit 38088ce9934a90d4aea486edbff864f3935342e6)

-----------------------------------------------------------------------

Summary of changes:
 ssl/ssl_sess.c | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c
index eee1ca1..43cb1d3 100644
--- a/ssl/ssl_sess.c
+++ b/ssl/ssl_sess.c
@@ -660,6 +660,15 @@ int SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *c)
          * obtain the same session from an external cache)
          */
         s = NULL;
+    } else if (s == NULL &&
+               lh_SSL_SESSION_retrieve(ctx->sessions, c) == NULL) {
+        /* s == NULL can also mean OOM error in lh_SSL_SESSION_insert ... */
+
+        /*
+         * ... so take back the extra reference and also don't add
+         * the session to the SSL_SESSION_list at this time
+         */
+        s = c;
     }
 
     /* Put at the head of the queue unless it is already in the cache */
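Review bot: In the new `else if` branch, `s = c` does its work only through code that lies outside this hunk. The comment promises that the extra reference is taken back and that the session is not added to the SSL_SESSION_list, but neither happens in the lines shown, so the reader has to infer that a non-NULL `s` is released later and that the "Put at the head of the queue" code is skipped for it. Please make the comment say so directly, for example that assigning `s = c` is what causes the code below to drop the reference and bypass the list insertion, and merge the two comments split by "..." into one. The hunk also does not show what SSL_CTX_add_session returns on this path; it is worth documenting whether a caller can tell an allocation failure apart from a session that was already in the cache. Finally, the commit message notes that `s == NULL` is also the normal result for a new session, so `lh_SSL_SESSION_retrieve` now runs on every successful insert; a short remark in the comment that this second lookup is intentional would help later readers.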

