[openssl] master update
dev at ddvo.net
dev at ddvo.net
Tue Jan 4 16:02:49 UTC 2022
The branch master has been updated
via 97b8c859c64bc60fcf5bb27ed51489c81fde41b3 (commit)
from 2e6afe1079c6993868c5d8a813605d16980e8e10 (commit)
- Log -----------------------------------------------------------------
commit 97b8c859c64bc60fcf5bb27ed51489c81fde41b3
Author: Dr. David von Oheimb <David.von.Oheimb at siemens.com>
Date: Mon Jan 3 17:03:13 2022 +0100
app_http_tls_cb: Fix double-free in case TLS not used
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Paul Dale <pauli at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17400)
-----------------------------------------------------------------------
Summary of changes:
apps/lib/apps.c | 19 +++++++++++--------
1 file changed, 11 insertions(+), 8 deletions(-)
diff --git a/apps/lib/apps.c b/apps/lib/apps.c
index 328b0addb4..3b0266f158 100644
--- a/apps/lib/apps.c
+++ b/apps/lib/apps.c
@@ -2464,9 +2464,10 @@ static const char *tls_error_hint(void)
/* HTTP callback function that supports TLS connection also via HTTPS proxy */
BIO *app_http_tls_cb(BIO *bio, void *arg, int connect, int detail)
{
+ APP_HTTP_TLS_INFO *info = (APP_HTTP_TLS_INFO *)arg;
+ SSL_CTX *ssl_ctx = info->ssl_ctx;
+
if (connect && detail) { /* connecting with TLS */
- APP_HTTP_TLS_INFO *info = (APP_HTTP_TLS_INFO *)arg;
- SSL_CTX *ssl_ctx = info->ssl_ctx;
SSL *ssl;
BIO *sbio = NULL;
@@ -2500,12 +2501,14 @@ BIO *app_http_tls_cb(BIO *bio, void *arg, int connect, int detail)
if (hint != NULL)
ERR_add_error_data(2, " : ", hint);
}
- (void)ERR_set_mark();
- BIO_ssl_shutdown(bio);
- cbio = BIO_pop(bio); /* connect+HTTP BIO */
- BIO_free(bio); /* SSL BIO */
- (void)ERR_pop_to_mark(); /* hide SSL_R_READ_BIO_NOT_SET etc. */
- bio = cbio;
+ if (ssl_ctx != NULL) {
+ (void)ERR_set_mark();
+ BIO_ssl_shutdown(bio);
+ cbio = BIO_pop(bio); /* connect+HTTP BIO */
+ BIO_free(bio); /* SSL BIO */
+ (void)ERR_pop_to_mark(); /* hide SSL_R_READ_BIO_NOT_SET etc. */
+ bio = cbio;
+ }
}
return bio;
}
More information about the openssl-commits
mailing list