diff options
author | Todd Short <tshort@akamai.com> | 2017-04-26 14:05:49 -0400 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2017-06-14 10:38:51 +0100 |
commit | 8ab4fed9bdcc5b8498b3d59d2fa72dd045f63539 (patch) | |
tree | 09d80a30db55902e9b4dc750a1ed0b6258facdfe /ssl | |
parent | 819d18f6116e97845ebe453128f3c2a78e42a785 (diff) |
Fix ex_data and session_dup issues
Code was added in commit b3c31a65 that overwrote the last ex_data value
using CRYPTO_dup_ex_data() causing a memory leak, and potentially
confusing the ex_data dup() callback.
In ssl_session_dup(), fix error handling (properly reference and up-ref
shared data) and new-up the ex_data before calling CRYPTO_dup_ex_data();
all other structures that dup ex_data have the destination ex_data new'd
before the dup.
Fix up some of the ex_data documentation.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3625)
Diffstat (limited to 'ssl')
-rw-r--r-- | ssl/ssl_sess.c | 14 |
1 files changed, 11 insertions, 3 deletions
diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c index 3f068840b9..92ba599566 100644 --- a/ssl/ssl_sess.c +++ b/ssl/ssl_sess.c @@ -138,6 +138,8 @@ SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket) #ifndef OPENSSL_NO_SRP dest->srp_username = NULL; #endif + dest->peer_chain = NULL; + dest->peer = NULL; memset(&dest->ex_data, 0, sizeof(dest->ex_data)); /* We deliberately don't copy the prev and next pointers */ @@ -150,8 +152,14 @@ SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket) if (dest->lock == NULL) goto err; - if (src->peer != NULL) - X509_up_ref(src->peer); + if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, dest, &dest->ex_data)) + goto err; + + if (src->peer != NULL) { + if (!X509_up_ref(src->peer)) + goto err; + dest->peer = src->peer; + } if (src->peer_chain != NULL) { dest->peer_chain = X509_chain_up_ref(src->peer_chain); @@ -207,7 +215,7 @@ SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket) } #endif - if (ticket != 0) { + if (ticket != 0 && src->tlsext_tick != NULL) { dest->tlsext_tick = OPENSSL_memdup(src->tlsext_tick, src->tlsext_ticklen); if (dest->tlsext_tick == NULL) |