Get pointer type right in BIO_ssl_shutdown()
authorRich Salz <rsalz@openssl.org>
Thu, 16 Feb 2017 16:13:47 +0000 (11:13 -0500)
committerRich Salz <rsalz@openssl.org>
Tue, 7 Mar 2017 15:05:08 +0000 (10:05 -0500)
Also, restore 1.0.2 behavior of looping over all BIO's in the chain.
Thanks to Joseph Bester for finding this and suggesting a fix to the
crash.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2651)
(cherry picked from commit 9015d34e141af747f7c750f8d08f862b2a8273c7)

ssl/bio_ssl.c

index 3dd09cf52de2e36114772e70daf0f15f70031cf5..5322c0364681fc524369e2f7acfdac6855dee103 100644 (file)
@@ -517,12 +517,13 @@ int BIO_ssl_copy_session_id(BIO *t, BIO *f)
 
 void BIO_ssl_shutdown(BIO *b)
 {
-    SSL *s;
-
-    b = BIO_find_type(b, BIO_TYPE_SSL);
-    if (b == NULL)
-        return;
-
-    s = BIO_get_data(b);
-    SSL_shutdown(s);
+    BIO_SSL *bdata;
+
+    for (; b != NULL; b = BIO_next(b)) {
+        if (BIO_method_type(b) != BIO_TYPE_SSL)
+            continue;
+        bdata = BIO_get_data(b);
+        if (bdata != NULL && bdata->ssl != NULL)
+            SSL_shutdown(bdata->ssl);
+    }
 }