Avoid loading of a dynamic engine twice

Use the address of the bind function as a DYNAMIC_ID, since the true name of the engine is not known before the bind function returns, but invoking the bind function before the engine is unloaded results in memory corruption. Fixes #17023 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/17073) (cherry picked from commit e2571e02d2b0cd83ed1c79d384fe941f27e603c0)
author: Bernd Edlinger <bernd.edlinger@hotmail.de> 2021-11-19 11:33:34 +0100
committer: Bernd Edlinger <bernd.edlinger@hotmail.de> 2021-11-23 06:12:32 +0100
commit: 9b06ebb1edfddffea083ba36090af7eb7cad207b (patch)
tree: b24944686ce61eab0ca8855f24879171044f90e0 /crypto/engine/eng_dyn.c
parent: c28bcc507be1b035237892181bbbb28383c3f2be (diff)
1 files changed, 3 insertions, 1 deletions
diff --git a/crypto/engine/eng_dyn.c b/crypto/engine/eng_dyn.c
index 06e677290a..cb1a30799e 100644
--- a/crypto/engine/eng_dyn.c
+++ b/crypto/engine/eng_dyn.c
@@ -477,7 +477,9 @@ static int dynamic_load(ENGINE *e, dynamic_data_ctx *ctx)
     engine_set_all_null(e);
 
     /* Try to bind the ENGINE onto our own ENGINE structure */
-    if (!ctx->bind_engine(e, ctx->engine_id, &fns)) {
+    if (!engine_add_dynamic_id(e, (ENGINE_DYNAMIC_ID)ctx->bind_engine, 1)
+            || !ctx->bind_engine(e, ctx->engine_id, &fns)) {
+        engine_remove_dynamic_id(e, 1);
         ctx->bind_engine = NULL;
         ctx->v_check = NULL;
         DSO_free(ctx->dynamic_dso);
author	Bernd Edlinger <bernd.edlinger@hotmail.de>	2021-11-19 11:33:34 +0100
committer	Bernd Edlinger <bernd.edlinger@hotmail.de>	2021-11-23 06:12:32 +0100
commit	9b06ebb1edfddffea083ba36090af7eb7cad207b (patch)
tree	b24944686ce61eab0ca8855f24879171044f90e0 /crypto/engine/eng_dyn.c
parent	c28bcc507be1b035237892181bbbb28383c3f2be (diff)