[openssl] OpenSSL_1_1_1-stable update

Richard Levitte levitte at openssl.org
Tue Nov 5 21:17:17 UTC 2019


The branch OpenSSL_1_1_1-stable has been updated
       via  f6483fc2db36fbfd622b6aff19d8ebfaa274c996 (commit)
      from  7bb50cbc4af78a0c8d36fdf2c141ad1330125e2f (commit)


- Log -----------------------------------------------------------------
commit f6483fc2db36fbfd622b6aff19d8ebfaa274c996
Author: Richard Levitte <levitte at openssl.org>
Date:   Tue Nov 13 15:17:21 2018 +0100

    BIO_s_connect: add an error state and use it
    
    If no connection could be made, addr_iter will eventually end up being
    NULL, and if the user didn't check the returned error value, the
    BIO_CONN_S_CONNECT code will be performed again and will crash.
    
    So instead, we add a state BIO_CONN_S_CONNECT_ERROR that we enter into
    when we run out of addresses to try.  That state will just simply say
    "error" back, until the user does something better with the BIO, such
    as free it or reset it.
    
    Reviewed-by: Matt Caswell <matt at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/10333)

-----------------------------------------------------------------------

Summary of changes:
 crypto/bio/bss_conn.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/crypto/bio/bss_conn.c b/crypto/bio/bss_conn.c
index 264e25a1c2..ad299ac716 100644
--- a/crypto/bio/bss_conn.c
+++ b/crypto/bio/bss_conn.c
@@ -54,6 +54,7 @@ void BIO_CONNECT_free(BIO_CONNECT *a);
 #define BIO_CONN_S_CONNECT               4
 #define BIO_CONN_S_OK                    5
 #define BIO_CONN_S_BLOCKED_CONNECT       6
+#define BIO_CONN_S_CONNECT_ERROR         7
 
 static const BIO_METHOD methods_connectp = {
     BIO_TYPE_CONNECT,
@@ -174,7 +175,8 @@ static int conn_state(BIO *b, BIO_CONNECT *c)
                     ERR_add_error_data(4,
                                        "hostname=", c->param_hostname,
                                        " service=", c->param_service);
-                    BIOerr(BIO_F_CONN_STATE, BIO_R_CONNECT_ERROR);
+                    c->state = BIO_CONN_S_CONNECT_ERROR;
+                    break;
                 }
                 goto exit_loop;
             } else {
@@ -197,6 +199,11 @@ static int conn_state(BIO *b, BIO_CONNECT *c)
                 c->state = BIO_CONN_S_OK;
             break;
 
+        case BIO_CONN_S_CONNECT_ERROR:
+            BIOerr(BIO_F_CONN_STATE, BIO_R_CONNECT_ERROR);
+            ret = 0;
+            goto exit_loop;
+
         case BIO_CONN_S_OK:
             ret = 1;
             goto exit_loop;


More information about the openssl-commits mailing list