diff options
| author | FdaSilvaYY <fdasilvayy@gmail.com> | 2021-04-27 22:50:18 +0200 |
|---|---|---|
| committer | Dmitry Belyavskiy <beldmit@gmail.com> | 2021-05-01 18:23:21 +0200 |
| commit | 045a893091994a5837a2bec9cc5646ae9ff07a2c (patch) | |
| tree | cd498f84affef630a84d630199cc869964361602 /ssl/ssl_lib.c | |
| parent | dd28d1c4d305574e5feacb0f3fee21192b9ccf2f (diff) | |
ssl: fix possible ref counting fields use before init.
`strdup(propq)` failure is doing a `goto err;` from where `SSL_CTX_free` is called.
The possible call is made before reference and lock fields setup.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/15052)
Diffstat (limited to 'ssl/ssl_lib.c')
| -rw-r--r-- | ssl/ssl_lib.c | 16 |
1 files changed, 9 insertions, 7 deletions
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 3d0f309fd2..27a5ec4581 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -3181,6 +3181,15 @@ SSL_CTX *SSL_CTX_new_ex(OSSL_LIB_CTX *libctx, const char *propq, if (ret == NULL) goto err; + /* Init the reference counting before any call to SSL_CTX_free */ + ret->references = 1; + ret->lock = CRYPTO_THREAD_lock_new(); + if (ret->lock == NULL) { + ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE); + OPENSSL_free(ret); + return NULL; + } + ret->libctx = libctx; if (propq != NULL) { ret->propq = OPENSSL_strdup(propq); @@ -3196,13 +3205,6 @@ SSL_CTX *SSL_CTX_new_ex(OSSL_LIB_CTX *libctx, const char *propq, ret->session_cache_size = SSL_SESSION_CACHE_MAX_SIZE_DEFAULT; /* We take the system default. */ ret->session_timeout = meth->get_timeout(); - ret->references = 1; - ret->lock = CRYPTO_THREAD_lock_new(); - if (ret->lock == NULL) { - ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE); - OPENSSL_free(ret); - return NULL; - } ret->max_cert_list = SSL_MAX_CERT_LIST_DEFAULT; ret->verify_mode = SSL_VERIFY_NONE; if ((ret->cert = ssl_cert_new()) == NULL) |