Reorder cleanup sequence in SSL_CTX_free() to leave ex_data for remove_cb().
authorLutz Jänicke <jaenicke@openssl.org>
Fri, 16 Aug 2002 17:09:31 +0000 (17:09 +0000)
committerLutz Jänicke <jaenicke@openssl.org>
Fri, 16 Aug 2002 17:09:31 +0000 (17:09 +0000)
Submitted by:
Reviewed by:
PR: 212

CHANGES
ssl/ssl_lib.c

diff --git a/CHANGES b/CHANGES
index 8b947b8518ad2965311c91a44b2aa7dc561acaf8..74f417872b45c466c5e4551e6869c7c134797886 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,12 @@
 
  Changes between 0.9.6g and 0.9.6h  [xx XXX xxxx]
 
+  *) Reorder cleanup sequence in SSL_CTX_free(): only remove the ex_data after
+     the cached sessions are flushed, as the remove_cb() might use ex_data
+     contents. Bug found by Sam Varshavchik <mrsam@courier-mta.com>
+     (see [openssl.org #212]).
+     [Geoff Thorpe, Lutz Jaenicke]
+
   *) Fix typo in OBJ_txt2obj which incorrectly passed the content
      length, instead of the encoding length to d2i_ASN1_OBJECT.
      [Steve Henson]
index 4f84a3476da0342e94e4bf0fd588a990fb497d08..6b5a135ffebca1700fadbd480abc183195566378 100644 (file)
@@ -1245,13 +1245,24 @@ void SSL_CTX_free(SSL_CTX *a)
                abort(); /* ok */
                }
 #endif
+  
+       /*
+        * Free internal session cache. However: the remove_cb() may reference
+        * the ex_data of SSL_CTX, thus the ex_data store can only be removed
+        * after the sessions were flushed.
+        * As the ex_data handling routines might also touch the session cache,
+        * the most secure solution seems to be: empty (flush) the cache, then
+        * free ex_data, then finally free the cache.
+        * (See ticket [openssl.org #212].)
+        */
+       if (a->sessions != NULL)
+               SSL_CTX_flush_sessions(a,0);
+
        CRYPTO_free_ex_data(ssl_ctx_meth,(char *)a,&a->ex_data);
 
        if (a->sessions != NULL)
-               {
-               SSL_CTX_flush_sessions(a,0);
-               lh_free(a->sessions);
-               }
+               lh_free(a->sessions);
+
        if (a->cert_store != NULL)
                X509_STORE_free(a->cert_store);
        if (a->cipher_list != NULL)