author | Lutz Jänicke <jaenicke@openssl.org> | 2002-08-16 17:04:04 +0000 |
---|---|---|
committer | Lutz Jänicke <jaenicke@openssl.org> | 2002-08-16 17:04:04 +0000 |
commit | 82a20fb0f0134a1762d4559f000292af60f399a3 (patch) | |
tree | cae419df511e68974a87b0c9bd9ea071291db051 /ssl | |
parent | 428112ef10f63f748c4b6043e4640c4e5e99542b (diff) |
Reorder cleanup sequence in SSL_CTX_free() to leave ex_data for remove_cb().
Submitted by:
Reviewed by:
PR: 212
Diffstat (limited to 'ssl')
-rw-r--r-- | ssl/ssl_lib.c | 17 |
1 files changed, 14 insertions, 3 deletions
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index eda3cfd116..1ddd3380ac 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -1409,13 +1409,24 @@ void SSL_CTX_free(SSL_CTX *a) abort(); /* ok */ } #endif - CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_CTX, a, &a->ex_data); + /* + * Free internal session cache. However: the remove_cb() may reference + * the ex_data of SSL_CTX, thus the ex_data store can only be removed + * after the sessions were flushed. + * As the ex_data handling routines might also touch the session cache, + * the most secure solution seems to be: empty (flush) the cache, then + * free ex_data, then finally free the cache. + * (See ticket [openssl.org #212].) + */ if (a->sessions != NULL) - { SSL_CTX_flush_sessions(a,0); + + CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_CTX, a, &a->ex_data); + + if (a->sessions != NULL) lh_free(a->sessions); - } + if (a->cert_store != NULL) X509_STORE_free(a->cert_store); if (a->cipher_list != NULL) |
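Review bot: The three-step order set up here (`SSL_CTX_flush_sessions(a,0)`, then `CRYPTO_free_ex_data(...)`, then `lh_free(a->sessions)`) is what keeps remove_cb() from reading freed ex_data, but it is protected only by a prose comment whose wording ("the most secure solution seems to be") reads as tentative. I would state the invariant as a rule, e.g. `/* Order matters: remove_cb() may read ex_data, so flush before CRYPTO_free_ex_data(); free the table last. */`, and add a regression test that calls SSL_CTX_free() on a context with a non-empty cache and a remove_cb() that reads SSL_CTX ex_data. The hunk does not show whether an ex_data free callback can insert a session after the flush; if it can, `lh_free()` would presumably release the table without remove_cb() running for that entry, which deserves a sentence in the comment. SSL_CTX_free() begins and ends outside this hunk.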