Get pointer type right in BIO_ssl_shutdown()
authorRich Salz <rsalz@openssl.org>
Thu, 16 Feb 2017 16:13:47 +0000 (11:13 -0500)
committerRich Salz <rsalz@openssl.org>
Tue, 7 Mar 2017 14:56:49 +0000 (09:56 -0500)
Also, restore 1.0.2 behavior of looping over all BIO's in the chain.
Thanks to Joseph Bester for finding this and suggesting a fix to the
crash.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2651)

ssl/bio_ssl.c

index 8b5036f..29ae258 100644 (file)
@@ -506,12 +506,13 @@ int BIO_ssl_copy_session_id(BIO *t, BIO *f)
 
 void BIO_ssl_shutdown(BIO *b)
 {
-    SSL *s;
-
-    b = BIO_find_type(b, BIO_TYPE_SSL);
-    if (b == NULL)
-        return;
-
-    s = BIO_get_data(b);
-    SSL_shutdown(s);
+    BIO_SSL *bdata;
+
+    for (; b != NULL; b = BIO_next(b)) {
+        if (BIO_method_type(b) != BIO_TYPE_SSL)
+            continue;
+        bdata = BIO_get_data(b);
+        if (bdata != NULL && bdata->ssl != NULL)
+            SSL_shutdown(bdata->ssl);
+    }
 }