[openssl] master update

tomas at openssl.org tomas at openssl.org
Thu Feb 18 11:12:04 UTC 2021

The branch master has been updated
       via  bcb61b39b47419b9de1dbc37cd2f67b71eeb23ea (commit)
      from  5d8ffebbcdf4992d3c428201b1f3330020bbe92e (commit)

- Log -----------------------------------------------------------------
commit bcb61b39b47419b9de1dbc37cd2f67b71eeb23ea
Author: zekeevans-mf <77804765+zekeevans-mf at users.noreply.github.com>
Date:   Thu Jan 21 12:24:51 2021 -0700

    Add deep copy of propq field in mac_dupctx to avoid double free
    mac_dupctx() should make a copy of the propq field. Currently it
    does a shallow copy which can result in a double free and crash.
    The double free occurs when using a provider property string.
    For example, passing in "fips=no" to SSL_CTX_new_ex() causes the
    propq field to get set to that value. When mac_dupctx() and
    mac_freectx() is called (ie: in SSL_write()) it ends up freeing
    the reference of the original object instead of a copy.
    Reviewed-by: Paul Dale <pauli at openssl.org>
    Reviewed-by: Shane Lontis <shane.lontis at oracle.com>
    Reviewed-by: Tomas Mraz <tomas at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/13926)


Summary of changes:
 providers/implementations/signature/mac_legacy.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/providers/implementations/signature/mac_legacy.c b/providers/implementations/signature/mac_legacy.c
index 7d23e36f2b..2386583069 100644
--- a/providers/implementations/signature/mac_legacy.c
+++ b/providers/implementations/signature/mac_legacy.c
@@ -172,9 +172,13 @@ static void *mac_dupctx(void *vpmacctx)
         return NULL;
     *dstctx = *srcctx;
+    dstctx->propq = NULL;
     dstctx->key = NULL;
     dstctx->macctx = NULL;
+    if (srcctx->propq != NULL && (dstctx->propq = OPENSSL_strdup(srcctx->propq)) == NULL)
+        goto err;
     if (srcctx->key != NULL && !ossl_mac_key_up_ref(srcctx->key))
         goto err;
     dstctx->key = srcctx->key;

More information about the openssl-commits mailing list