From 1ee2125922d3302e3ea738442bf2b051a445cac0 Mon Sep 17 00:00:00 2001
From: Todd Short <tshort@akamai.com>
Date: Wed, 26 Apr 2017 14:05:49 -0400
Subject: Fix ex_data and session_dup issues

Code was added in commit b3c31a65 that overwrote the last ex_data value
using CRYPTO_dup_ex_data() causing a memory leak, and potentially
confusing the ex_data dup() callback.

In ssl_session_dup(), fix error handling (properly reference and up-ref
shared data) and new-up the ex_data before calling CRYPTO_dup_ex_data();
all other structures that dup ex_data have the destination ex_data new'd
before the dup.

Fix up some of the ex_data documentation.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3323)
---
 crypto/ex_data.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

(limited to 'crypto/ex_data.c')

diff --git a/crypto/ex_data.c b/crypto/ex_data.c
index 4a3201a953..22c4d3d9b9 100644
--- a/crypto/ex_data.c
+++ b/crypto/ex_data.c
@@ -287,7 +287,14 @@ int CRYPTO_dup_ex_data(int class_index, CRYPTO_EX_DATA *to,
         CRYPTOerr(CRYPTO_F_CRYPTO_DUP_EX_DATA, ERR_R_MALLOC_FAILURE);
         return 0;
     }
-    if (!CRYPTO_set_ex_data(to, mx - 1, NULL))
+    /*
+     * Make sure the ex_data stack is at least |mx| elements long to avoid
+     * issues in the for loop that follows; so go get the |mx|'th element
+     * (if it does not exist CRYPTO_get_ex_data() returns NULL), and assign
+     * to itself. This is normally a no-op; but ensures the stack is the
+     * proper size
+     */
+    if (!CRYPTO_set_ex_data(to, mx - 1, CRYPTO_get_ex_data(to, mx - 1)))
         goto err;
 
     for (i = 0; i < mx; i++) {
-- 
cgit v1.2.3