[openssl-dev] SSL_set_bio(ssl, bio, bio) and BIO_up_ref(bio)

Mischa Salle mischa.salle at gmail.com
Mon Jan 30 10:13:52 UTC 2017


Hi all,

I noticed a double free when calling SSL_set_bio(ssl, bio, bio) followed by
either SSL_set_bio(ssl, NULL, NULL) or SSL_set_io_SSL_free(ssl). Valgrind
shows the double free, and I see the assert in
https://github.com/openssl/openssl/blob/master/crypto/bio/bio_lib.c#L122
fail. This is all due to the same bio being used for read and write.
I found that in
https://github.com/openssl/openssl/blob/master/ssl/bio_ssl.c#L331-L332 the
ref-count is manually adjusted, which indeed also fixes my double free.
However, it seems that in a number of other places where SSL_set_bio is
called with equal rbio and wbio, this is not the case, e.g. in
apps/s_server.c (L2157, L2735, L3099) and also in
https://github.com/openssl/openssl/blob/master/ssl/ssl_lib.c#L1161 itself.
So the question is, when exactly is it necessary to manually adjust the ref
count, and couldn't this be done automatically in e.g. SSL_set_bio(ssl, bio, bio)?

Best wishes,
Mischa Salle
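The reference accounting the post asks about, as an added example that is not part of the message or of OpenSSL: a small C model in which model_bio and model_ssl stand in for BIO and SSL, the double free is reported as a return value instead of tripping the bio_lib.c assert, and the rule modelled for rbio == wbio is the one OpenSSL's SSL_set_bio(3) manual page documents (exactly one caller reference consumed); whether the master tree at the time of the post honoured that rule is the post's question, not something this model settles.

```c
/* Added example, not OpenSSL code: a model of BIO reference counting and of the
 * SSL_set_bio ownership rule for rbio == wbio. model_bio/model_ssl stand in for
 * BIO/SSL; only the post's situation (fresh SSL, one BIO in both slots) is modelled. */
#include <stdlib.h>

typedef struct { int references; int released; } model_bio;
typedef struct { model_bio *rbio; model_bio *wbio; } model_ssl;
typedef struct { int double_frees; int leaked; } outcome;
static model_bio *bio_new(void) {
    model_bio *b = calloc(1, sizeof *b);
    b->references = 1;                   /* the caller's reference */
    return b;
}
static void bio_up_ref(model_bio *b) { b->references++; }
/* Like BIO_free: drop one reference, release at zero. A free on a zero count is
 * the double free the bio_lib.c assert catches; reported here as return value 1. */
static int bio_free(model_bio *b) {
    if (b == NULL) return 0;
    if (b->references <= 0) return 1;
    if (--b->references == 0) b->released = 1;
    return 0;
}
/* Rule documented in SSL_set_bio(3) for rbio == wbio: exactly one caller reference
 * is consumed, so the SSL takes the second one itself and each slot then owns one.
 * Returns the number of double frees seen while dropping the old BIOs. */
static int ssl_set_bio(model_ssl *s, model_bio *rbio, model_bio *wbio) {
    int dbl = 0;
    if (rbio == s->rbio && wbio == s->wbio) return 0;   /* nothing changed */
    if (rbio != NULL && rbio == wbio) bio_up_ref(rbio);
    dbl += bio_free(s->rbio);            /* each old slot gives up its reference */
    dbl += bio_free(s->wbio);
    s->rbio = rbio;
    s->wbio = wbio;
    return dbl;
}
static int ssl_free(model_ssl *s) { return ssl_set_bio(s, NULL, NULL); }
/* The post's scenario. caller_up_refs: BIO_up_ref before handing the BIO over;
 * caller_frees: BIO_free after the SSL is gone. (0,0) and (1,1) are balanced,
 * (0,1) is the double free, (1,0) leaks the BIO. */
static outcome same_bio_outcome(int caller_up_refs, int caller_frees) {
    model_ssl ssl = { NULL, NULL };
    model_bio *bio = bio_new();
    outcome o = { 0, 0 };
    if (caller_up_refs) bio_up_ref(bio);
    o.double_frees += ssl_set_bio(&ssl, bio, bio);   /* count 1 -> 2 (or 2 -> 3) */
    o.double_frees += ssl_free(&ssl);                /* both slots release: -2 */
    if (caller_frees) o.double_frees += bio_free(bio);
    o.leaked = !bio->released;
    free(bio);
    return o;
}
```

Under this rule the manual BIO_up_ref is needed only when the caller intends to keep its own reference and BIO_free it later; handing over the only reference and then freeing again is the double free, and up_ref without a matching free is a leak.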