[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

Rich Salz rsalz at openssl.org
Thu Jun 1 20:54:22 UTC 2017


The branch OpenSSL_1_0_2-stable has been updated
       via  24638211da59aaea93f3f85d8dd6ef0a36a8644e (commit)
      from  9a2a0617e5b042ae5d5b53886e30dc47fe778f7f (commit)


- Log -----------------------------------------------------------------
commit 24638211da59aaea93f3f85d8dd6ef0a36a8644e
Author: Todd Short <tshort at akamai.com>
Date:   Fri May 26 08:42:21 2017 -0400

    Fix ex_data memory leak
    
    Code was added in commit 62f488d that overwrites the last ex_data value
    using CRYPTO_dup_ex_data() causing a memory leak and potentially
    confusing the ex_data dup() callback.
    
    In ssl_session_dup(), new-up the ex_data before calling
    CRYPTO_dup_ex_data(); all the other structures that dup ex_data have
    the destination ex_data new'd before the dup.
    
    Reviewed-by: Andy Polyakov <appro at openssl.org>
    Reviewed-by: Matt Caswell <matt at openssl.org>
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/3568)

-----------------------------------------------------------------------

Summary of changes:
 crypto/ex_data.c | 9 ++++++++-
 ssl/ssl_sess.c   | 6 ++++--
 2 files changed, 12 insertions(+), 3 deletions(-)

diff --git a/crypto/ex_data.c b/crypto/ex_data.c
index 108a195..723b21b 100644
--- a/crypto/ex_data.c
+++ b/crypto/ex_data.c
@@ -473,7 +473,14 @@ static int int_dup_ex_data(int class_index, CRYPTO_EX_DATA *to,
     if (j < mx)
         mx = j;
     if (mx > 0) {
-        if (!CRYPTO_set_ex_data(to, mx - 1, NULL))
+        /*
+         * Make sure the ex_data stack is at least |mx| elements long to avoid
+         * issues in the for loop that follows; so go get the |mx|'th element
+         * (if it does not exist CRYPTO_get_ex_data() returns NULL), and assign
+         * to itself. This is normally a no-op; but ensures the stack is the
+         * proper size
+         */
+        if (!CRYPTO_set_ex_data(to, mx - 1, CRYPTO_get_ex_data(to, mx - 1)))
             goto skip;
         storage = OPENSSL_malloc(mx * sizeof(CRYPTO_EX_DATA_FUNCS *));
         if (!storage)
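Review bot: in the comment added to int_dup_ex_data(), "the |mx|'th element" does not match the index the call actually uses, `mx - 1`, and the comment never says why the slot's current value is written back instead of NULL. Suggest wording it as "the element at index |mx| - 1" and adding one sentence that |to| may already hold a value in that slot, so storing NULL there would drop it (the leak the commit message describes). The last sentence of the comment is also missing its full stop.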
diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c
index f50f514..23dd3e7 100644
--- a/ssl/ssl_sess.c
+++ b/ssl/ssl_sess.c
@@ -261,7 +261,6 @@ SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket)
 #ifndef OPENSSL_NO_SRP
     dest->srp_username = NULL;
 #endif
-    memset(&dest->ex_data, 0, sizeof(dest->ex_data));
 
     /* We deliberately don't copy the prev and next pointers */
     dest->prev = NULL;
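Review bot: with the memset() of dest->ex_data removed here, nothing in this hunk leaves the field in a known state, and the replacement CRYPTO_new_ex_data() call only arrives in the next hunk, after the src->peer reference bump. Please confirm that no `goto err` can be reached between these two points, or move the CRYPTO_new_ex_data() call up to where the memset() was so the field is initialized alongside the other dest resets.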
@@ -275,6 +274,9 @@ SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket)
     if (src->peer != NULL)
         CRYPTO_add(&src->peer->references, 1, CRYPTO_LOCK_X509);
 
+    if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, dest, &dest->ex_data))
+        goto err;
+
 #ifndef OPENSSL_NO_PSK
     if (src->psk_identity_hint) {
         dest->psk_identity_hint = BUF_strdup(src->psk_identity_hint);
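Review bot: the CRYPTO_new_ex_data() call added ahead of the OPENSSL_NO_PSK block carries no comment, yet its position matters: per the commit message it has to run before CRYPTO_dup_ex_data(). A one-line comment stating that ordering would keep a later reshuffle of ssl_session_dup() from reintroducing the leak.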
@@ -325,7 +327,7 @@ SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket)
     }
 # endif
 
-    if (ticket != 0) {
+    if (ticket != 0 && src->tlsext_tick != NULL) {
         dest->tlsext_tick = BUF_memdup(src->tlsext_tick, src->tlsext_ticklen);
         if(dest->tlsext_tick == NULL)
             goto err;
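Review bot: the added `src->tlsext_tick != NULL` test in the ticket condition is not mentioned in the commit message, which only covers the ex_data leak. Either describe it there (which caller reaches ssl_session_dup() with ticket != 0 and a NULL tlsext_tick) or split it into its own commit, so that anyone bisecting or backporting can see why the guard exists.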

