[openssl] master update

Matt Caswell matt at openssl.org
Mon May 17 09:51:53 UTC 2021


The branch master has been updated
       via  a227ff336fc934b4a52c4659ae423dfa10efd5f3 (commit)
      from  55373bfd419ca010a15aac18c88c94827e2f3a92 (commit)


- Log -----------------------------------------------------------------
commit a227ff336fc934b4a52c4659ae423dfa10efd5f3
Author: Matt Caswell <matt at openssl.org>
Date:   Fri May 14 15:33:40 2021 +0100

    Fix a use-after-free in the child provider code
    
    If the child provider context data gets cleaned up before all usage of
    providers has finished then a use-after-free can occur. We change the
    priority of this data so that it gets freed later.
    
    Fixes #15284
    
    Reviewed-by: Paul Dale <pauli at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/15286)

-----------------------------------------------------------------------

Summary of changes:
 crypto/provider_child.c     | 2 +-
 include/internal/cryptlib.h | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/crypto/provider_child.c b/crypto/provider_child.c
index 2487d43fd7..14d0054624 100644
--- a/crypto/provider_child.c
+++ b/crypto/provider_child.c
@@ -47,7 +47,7 @@ static void child_prov_ossl_ctx_free(void *vgbl)
 }
 
 static const OSSL_LIB_CTX_METHOD child_prov_ossl_ctx_method = {
-    OSSL_LIB_CTX_METHOD_DEFAULT_PRIORITY,
+    OSSL_LIB_CTX_METHOD_LOW_PRIORITY,
     child_prov_ossl_ctx_new,
     child_prov_ossl_ctx_free,
 };
diff --git a/include/internal/cryptlib.h b/include/internal/cryptlib.h
index d943419a52..966c8f26f1 100644
--- a/include/internal/cryptlib.h
+++ b/include/internal/cryptlib.h
@@ -168,6 +168,7 @@ typedef struct ossl_ex_data_global_st {
 # define OSSL_LIB_CTX_CHILD_PROVIDER_INDEX          18
 # define OSSL_LIB_CTX_MAX_INDEXES                   19
 
+# define OSSL_LIB_CTX_METHOD_LOW_PRIORITY          -1
 # define OSSL_LIB_CTX_METHOD_DEFAULT_PRIORITY       0
 # define OSSL_LIB_CTX_METHOD_PRIORITY_1             1
 # define OSSL_LIB_CTX_METHOD_PRIORITY_2             2


More information about the openssl-commits mailing list