[openssl] master update

dev at ddvo.net dev at ddvo.net
Tue Jan 4 16:02:49 UTC 2022 

The branch master has been updated
       via  97b8c859c64bc60fcf5bb27ed51489c81fde41b3 (commit)
      from  2e6afe1079c6993868c5d8a813605d16980e8e10 (commit)


- Log -----------------------------------------------------------------
commit 97b8c859c64bc60fcf5bb27ed51489c81fde41b3
Author: Dr. David von Oheimb <David.von.Oheimb at siemens.com>
Date:   Mon Jan 3 17:03:13 2022 +0100

    app_http_tls_cb: Fix double-free in case TLS not used
    
    Reviewed-by: Tomas Mraz <tomas at openssl.org>
    Reviewed-by: Paul Dale <pauli at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/17400)

-----------------------------------------------------------------------

Summary of changes:
 apps/lib/apps.c | 19 +++++++++++--------
 1 file changed, 11 insertions(+), 8 deletions(-)

diff --git a/apps/lib/apps.c b/apps/lib/apps.c
index 328b0addb4..3b0266f158 100644
--- a/apps/lib/apps.c
+++ b/apps/lib/apps.c
@@ -2464,9 +2464,10 @@ static const char *tls_error_hint(void)
 /* HTTP callback function that supports TLS connection also via HTTPS proxy */
 BIO *app_http_tls_cb(BIO *bio, void *arg, int connect, int detail)
 {
+    APP_HTTP_TLS_INFO *info = (APP_HTTP_TLS_INFO *)arg;
+    SSL_CTX *ssl_ctx = info->ssl_ctx;
+
     if (connect && detail) { /* connecting with TLS */
-        APP_HTTP_TLS_INFO *info = (APP_HTTP_TLS_INFO *)arg;
-        SSL_CTX *ssl_ctx = info->ssl_ctx;
         SSL *ssl;
         BIO *sbio = NULL;
 
@@ -2500,12 +2501,14 @@ BIO *app_http_tls_cb(BIO *bio, void *arg, int connect, int detail)
             if (hint != NULL)
                 ERR_add_error_data(2, " : ", hint);
         }
-        (void)ERR_set_mark();
-        BIO_ssl_shutdown(bio);
-        cbio = BIO_pop(bio); /* connect+HTTP BIO */
-        BIO_free(bio); /* SSL BIO */
-        (void)ERR_pop_to_mark(); /* hide SSL_R_READ_BIO_NOT_SET etc. */
-        bio = cbio;
+        if (ssl_ctx != NULL) {
+            (void)ERR_set_mark();
+            BIO_ssl_shutdown(bio);
+            cbio = BIO_pop(bio); /* connect+HTTP BIO */
+            BIO_free(bio); /* SSL BIO */
+            (void)ERR_pop_to_mark(); /* hide SSL_R_READ_BIO_NOT_SET etc. */
+            bio = cbio;
+        }
     }
     return bio;
 }

More information about the openssl-commits mailing list