Still Failing: openssl/openssl#38343 (master - 3d7e7e7)

Travis CI builds at travis-ci.com
Mon Nov 2 19:13:46 UTC 2020


Build Update for openssl/openssl
-------------------------------------

Build: #38343
Status: Still Failing

Duration: 1 hr, 30 mins, and 23 secs
Commit: 3d7e7e7 (master)
Author: jwalch
Message: Prevent potential UAF in init_thread_deregister()

I discovered the potential for use-after-free on glob_tevent_reg &
its members in this function as a consequence of some static (de-)initialization
fiasco in C++ client code.

Long story short, an EVP_PKEY_free() was happening after
OPENSSL_cleanup(). Aside from being freed the EVP_PKEY object wasn't
actually being used after cleanup, it was basically just an
ordering issue.

Obviously the application behavior here is somewhat suspect,
but IMO is basically benign. Crashing (most typical outcome
of a UAF) doesn't seem the optimal response.

At any rate, the issue can be avoided (at least with regard to this function)
by simply updating the pointer to NULL rather than leaving it pointing
to the freed memory, as is the typical practice.

Reviewed-by: Matt Caswell <matt at openssl.org>
Reviewed-by: Tomas Mraz <tmraz at fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13267)

View the changeset: https://github.com/openssl/openssl/compare/d1ca39112386...3d7e7e7c4821

View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/197234692?utm_medium=notification&utm_source=email
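
The fix the commit message describes (set a global pointer to NULL when its target is freed, so a deregistration that arrives after cleanup becomes a no-op) is sketched below as an added example; it is not OpenSSL's code. `registry_t`, `g_registry` and the `registry_*` functions are hypothetical names, and the registry layout is an assumption.

```c
#include <stdlib.h>
/* Hypothetical registry of cleanup handlers keyed by owner (not OpenSSL code). */
typedef struct { const void **owners; size_t count; } registry_t;
static registry_t *g_registry = NULL;  /* global, freed at library cleanup */

/* Register an owner, creating the registry on first use. Returns 1 on success. */
int registry_add(const void *owner)
{
    if (g_registry == NULL && (g_registry = calloc(1, sizeof(*g_registry))) == NULL)
        return 0;
    const void **grown = realloc(g_registry->owners,
                                 (g_registry->count + 1) * sizeof(*grown));
    if (grown == NULL)
        return 0;
    g_registry->owners = grown;
    g_registry->owners[g_registry->count++] = owner;
    return 1;
}

/* Drop every entry for owner; returns how many were removed (0 if no registry). */
size_t registry_remove(const void *owner)
{
    size_t i, kept = 0, removed;
    if (g_registry == NULL)  /* trustworthy only if cleanup cleared the global */
        return 0;
    for (i = 0; i < g_registry->count; i++)
        if (g_registry->owners[i] != owner)
            g_registry->owners[kept++] = g_registry->owners[i];
    removed = g_registry->count - kept;
    g_registry->count = kept;
    return removed;
}

/* Library cleanup: detach the global first, then free what it pointed to. */
void registry_cleanup(void)
{
    registry_t *r = g_registry;
    g_registry = NULL;  /* omit this and a late registry_remove() reads freed memory */
    if (r != NULL)
        free(r->owners);
    free(r);
}

int main(void)
{
    int key = 0;  /* constructed owner, released only after cleanup has run */
    registry_add(&key);
    registry_cleanup();
    return registry_remove(&key) == 0 ? 0 : 1;
}
```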

