From 4864a232ee7f901388532f65911866ca2478cfa9 Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Tue, 16 Jun 2020 17:40:40 +0100 Subject: Don't attempt to duplicate the BIO state in SSL_dup SSL_dup attempted to duplicate the BIO state if the source SSL had BIOs configured for it. This did not work. Firstly the SSL_dup code was passing a BIO ** as the destination argument for BIO_dup_state. However BIO_dup_state expects a BIO * for that parameter. Any attempt to use this will either (1) fail silently, (2) crash or fail in some other strange way. Secondly many BIOs do not implement the BIO_CTRL_DUP ctrl required to make this work. Thirdly, if rbio == wbio in the original SSL object, then an attempt is made to up-ref the BIO in the new SSL object - even though it hasn't been set yet and is NULL. This results in a crash. This appears to have been broken for a very long time with at least some of the problems described above coming from SSLeay. The simplest approach is to just remove this capability from the function. Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/12245) --- ssl/ssl_lib.c | 15 --------------- 1 file changed, 15 deletions(-) (limited to 'ssl/ssl_lib.c') diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 1d96eb4d3b..f6a4964ed2 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -3841,21 +3841,6 @@ SSL *SSL_dup(SSL *s) if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_SSL, &ret->ex_data, &s->ex_data)) goto err; - /* setup rbio, and wbio */ - if (s->rbio != NULL) { - if (!BIO_dup_state(s->rbio, (char *)&ret->rbio)) - goto err; - } - if (s->wbio != NULL) { - if (s->wbio != s->rbio) { - if (!BIO_dup_state(s->wbio, (char *)&ret->wbio)) - goto err; - } else { - BIO_up_ref(ret->rbio); - ret->wbio = ret->rbio; - } - } - ret->server = s->server; if (s->handshake_func) { if (s->server) -- cgit v1.2.3