Don't free the prev BIO prematurely
author Matt Caswell <matt@openssl.org>
Tue, 15 Aug 2023 14:33:34 +0000 (15:33 +0100)
committer Hugo Landau <hlandau@openssl.org>
Thu, 17 Aug 2023 07:06:43 +0000 (08:06 +0100)
We shouldn't free the prev BIO in ssl_set_new_record_layer until it is
no longer referenced by s->rlayer.rrlnext.

Found by the reproducible error patch in #21668

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21741)

ssl/record/rec_layer_s3.c

index 2f5a61147078a46114234f21d449feee02e849f3..16726019f9d6c988bc64632f405ba8c3b1868ed7 100644 (file)
@@ -1325,7 +1325,6 @@ int ssl_set_new_record_layer(SSL_CONNECTION *s, int version,
                 next = BIO_new(BIO_s_mem());
 
             if (next == NULL) {
-                BIO_free(prev);
                 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
                 return 0;
             }
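
Review bot: in the `if (next == NULL)` error branch, nothing now explains why prev is left untouched before `return 0`, so a later reader could take it for a leak and put the `BIO_free(prev)` call back. A short comment in that branch stating that prev may still be referenced by s->rlayer.rrlnext, and therefore must not be freed here, would guard against that. The hunk does not show where prev is eventually released, so it is worth confirming that this early return leaves it owned by the record layer and that the function's other error returns handle prev the same way.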