In function wait_for_async(), allocated async fds is freed if
`SSL_get_all_async_fds` fails, but later `fds` is used. Interestingly,
it is not freed when everything succeeds.
Rewrite the FD set loop to make it more readable and to not modify the allocated
pointer so it can be freed.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/3992)
fd_set asyncfds;
OSSL_ASYNC_FD *fds;
size_t numfds;
fd_set asyncfds;
OSSL_ASYNC_FD *fds;
size_t numfds;
if (!SSL_get_all_async_fds(s, NULL, &numfds))
return;
if (!SSL_get_all_async_fds(s, NULL, &numfds))
return;
fds = app_malloc(sizeof(OSSL_ASYNC_FD) * numfds, "allocate async fds");
if (!SSL_get_all_async_fds(s, fds, &numfds)) {
OPENSSL_free(fds);
fds = app_malloc(sizeof(OSSL_ASYNC_FD) * numfds, "allocate async fds");
if (!SSL_get_all_async_fds(s, fds, &numfds)) {
OPENSSL_free(fds);
- while (numfds > 0) {
- if (width <= (int)*fds)
- width = (int)*fds + 1;
- openssl_fdset((int)*fds, &asyncfds);
- numfds--;
- fds++;
+ for (i = 0; i < numfds; i++) {
+ if (width <= (int)fds[i])
+ width = (int)fds[i] + 1;
+ openssl_fdset((int)fds[i], &asyncfds);
}
select(width, (void *)&asyncfds, NULL, NULL, NULL);
}
select(width, (void *)&asyncfds, NULL, NULL, NULL);