diff options
author | Todd Short <tshort@akamai.com> | 2017-05-26 08:42:21 -0400 |
---|---|---|
committer | Rich Salz <rsalz@openssl.org> | 2017-06-01 16:51:33 -0400 |
commit | 24638211da59aaea93f3f85d8dd6ef0a36a8644e (patch) | |
tree | aefed8166b8d6716f63c1d9fc08cb3c05ea3456f /crypto/ex_data.c | |
parent | 9a2a0617e5b042ae5d5b53886e30dc47fe778f7f (diff) | |
download | openssl-new-24638211da59aaea93f3f85d8dd6ef0a36a8644e.tar.gz |
Fix ex_data memory leak
Code was added in commit 62f488d that overwrite the last ex_data valye
using CRYPTO_dup_ex_data() causing a memory leak and potentially
confusing the ex_data dup() callback.
In ssl_session_dup(), new-up the ex_data before calling
CRYPTO_dup_ex_data(); all the other structures that dup ex_data have
the destination ex_data new'd before the dup.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3568)
Diffstat (limited to 'crypto/ex_data.c')
-rw-r--r-- | crypto/ex_data.c | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/crypto/ex_data.c b/crypto/ex_data.c index 108a1959ea..723b21b3d2 100644 --- a/crypto/ex_data.c +++ b/crypto/ex_data.c @@ -473,7 +473,14 @@ static int int_dup_ex_data(int class_index, CRYPTO_EX_DATA *to, if (j < mx) mx = j; if (mx > 0) { - if (!CRYPTO_set_ex_data(to, mx - 1, NULL)) + /* + * Make sure the ex_data stack is at least |mx| elements long to avoid + * issues in the for loop that follows; so go get the |mx|'th element + * (if it does not exist CRYPTO_get_ex_data() returns NULL), and assign + * to itself. This is normally a no-op; but ensures the stack is the + * proper size + */ + if (!CRYPTO_set_ex_data(to, mx - 1, CRYPTO_get_ex_data(to, mx - 1))) goto skip; storage = OPENSSL_malloc(mx * sizeof(CRYPTO_EX_DATA_FUNCS *)); if (!storage) |