Prevent use after free of global_engine_lock
authorTomas Mraz <tmraz@fedoraproject.org>
Thu, 21 May 2020 11:16:57 +0000 (13:16 +0200)
committerTomas Mraz <tmraz@fedoraproject.org>
Fri, 22 May 2020 12:50:00 +0000 (14:50 +0200)
If buggy application calls engine functions after cleanup of engines
already happened the global_engine_lock will be used although
already freed.

See for example:
https://bugzilla.redhat.com/show_bug.cgi?id=1831086

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/11896)

crypto/engine/eng_lib.c

index 4ba235c..0cdb3fd 100644 (file)
@@ -171,6 +171,7 @@ void engine_cleanup_int(void)
         cleanup_stack = NULL;
     }
     CRYPTO_THREAD_lock_free(global_engine_lock);
         cleanup_stack = NULL;
     }
     CRYPTO_THREAD_lock_free(global_engine_lock);
+    global_engine_lock = NULL;
 }
 
 /* Now the "ex_data" support */
 }
 
 /* Now the "ex_data" support */