This corrects the reference count handling in SSL_get_session.

Previously, the returned SSL_SESSION didn't have its reference count incremented so the SSL_SESSION could be freed at any time causing seg-faults if the pointer was subsequently used. Code that uses SSL_get_session must now make a corresponding SSL_SESSION_free() call when it is done to avoid memory leaks (or blocked up session caches). Submitted By: Geoff Thorpe <geoff@eu.c2.net>
author: Mark J. Cox <mark@openssl.org> 1999-11-15 16:31:31 +0000
committer: Mark J. Cox <mark@openssl.org> 1999-11-15 16:31:31 +0000
commit: b7cfcfb7f8e17c17f457b3384010eb027f3aad72 (patch)
tree: 5b5789625f7de0a23738f3e56bf4b6838456ae44 /ssl
parent: 06556a1744dced40a2a77d7b6e4bb73f6e611b8d (diff)
1 files changed, 10 insertions, 1 deletions
diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c
index 681499f08a..4dddf627cd 100644
--- a/ssl/ssl_sess.c
+++ b/ssl/ssl_sess.c
@@ -69,7 +69,16 @@ static STACK *ssl_session_meth=NULL;
 
 SSL_SESSION *SSL_get_session(SSL *ssl)
 	{
-	return(ssl->session);
+	SSL_SESSION *sess;
+	/* Need to lock this all up rather than just use CRYPTO_add so that
+	 * somebody doesn't free ssl->session between when we check it's
+	 * non-null and when we up the reference count. */
+	CRYPTO_r_lock(CRYPTO_LOCK_SSL_SESSION);
+	sess = ssl->session;
+	if(sess)
+		sess->references++;
+	CRYPTO_r_unlock(CRYPTO_LOCK_SSL_SESSION);
+	return(sess);
 	}
 
 int SSL_SESSION_get_ex_new_index(long argl, char *argp, int (*new_func)(),
author	Mark J. Cox <mark@openssl.org>	1999-11-15 16:31:31 +0000
committer	Mark J. Cox <mark@openssl.org>	1999-11-15 16:31:31 +0000
commit	b7cfcfb7f8e17c17f457b3384010eb027f3aad72 (patch)
tree	5b5789625f7de0a23738f3e56bf4b6838456ae44 /ssl
parent	06556a1744dced40a2a77d7b6e4bb73f6e611b8d (diff)