Add deep copy of propq field in mac_dupctx to avoid double free

mac_dupctx() should make a copy of the propq field. Currently it
does a shallow copy which can result in a double free and crash.
The double free occurs when using a provider property string.
For example, passing in "fips=no" to SSL_CTX_new_ex() causes the
propq field to get set to that value. When mac_dupctx() and
mac_freectx() are called (i.e., in SSL_write()), it ends up freeing
the reference of the original object instead of a copy.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13926)
zekeevans-mf 2021-01-21 12:24:51 -07:00 committed by Tomas Mraz
parent 5d8ffebbcd
commit bcb61b39b4


@ -172,9 +172,13 @@ static void *mac_dupctx(void *vpmacctx)
return NULL;
*dstctx = *srcctx;
dstctx->propq = NULL;
dstctx->key = NULL;
dstctx->macctx = NULL;
if (srcctx->propq != NULL && (dstctx->propq = OPENSSL_strdup(srcctx->propq)) == NULL)
goto err;
if (srcctx->key != NULL && !ossl_mac_key_up_ref(srcctx->key))
goto err;
dstctx->key = srcctx->key;
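
Review bot: The `err` label is outside the visible context, so please confirm that it frees `dstctx->propq`. With the `OPENSSL_strdup(srcctx->propq)` call placed ahead of the `ossl_mac_key_up_ref(srcctx->key)` check, a failed up-ref now reaches `goto err` with a freshly allocated string in `dstctx->propq`, and that string leaks unless the cleanup there releases it the same way mac_freectx() does. Resetting `dstctx->propq`, `dstctx->key` and `dstctx->macctx` to NULL right after `*dstctx = *srcctx;` is what keeps that cleanup from touching the source's pointers, so the ordering should stay as is. As a style point, the `if (srcctx->propq != NULL && (dstctx->propq = OPENSSL_strdup(...` condition runs past 80 columns; breaking it after the `&&` would bring it back within the limit. A regression test that duplicates and frees a context created with a property string such as "fips=no" would cover the case the commit message describes.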