QuasarApp/openssl
4
0
Fork 0
mirror of https://github.com/QuasarApp/openssl.git synced 2025-04-28 10:44:38 +00:00
Code Issues Projects Releases Wiki Activity

Fix use-after-free in BIO_C_SET_SSL callback

Browse Source 
Since the BIO_SSL structure was renewed by `ssl_free(b)/ssl_new(b)`,
the `bs` pointer needs to be updated before assigning to `bs->ssl`.

Thanks to @suishixingkong for reporting the issue and providing a fix.

Closes #10539

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11746)
This commit is contained in:
Dr. Matthias St. Pierre 2020-05-06 17:24:13 +02:00
parent 90fc2c26df
commit 73d6b4efe6
1 changed files with 1 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
ssl/bio_ssl.c
View File

@ -284,6 +284,7 @@ static long ssl_ctrl(BIO *b, int cmd, long num, void *ptr)
ssl_free(b); ssl_free(b);
if (!ssl_new(b)) if (!ssl_new(b))
return 0; return 0;
bs = BIO_get_data(b);
} }
BIO_set_shutdown(b, num); BIO_set_shutdown(b, num);
ssl = (SSL *)ptr; ssl = (SSL *)ptr;