From: Lutz Jänicke Date: Fri, 16 Aug 2002 17:02:30 +0000 (+0000) Subject: Reorder cleanup sequence in SSL_CTX_free() to leave ex_data for remove_cb(). X-Git-Tag: OpenSSL_0_9_7-beta4~183 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=68a9ee13e81fcb21e6ef43fa8a7de1a6b6ee0a9a;p=oweals%2Fopenssl.git Reorder cleanup sequence in SSL_CTX_free() to leave ex_data for remove_cb(). Submitted by: Reviewed by: PR: 212 --- diff --git a/CHANGES b/CHANGES index 486a32b3f5..f1c4c4fef1 100644 --- a/CHANGES +++ b/CHANGES @@ -1672,6 +1672,12 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k Changes between 0.9.6g and 0.9.6h [xx XXX xxxx] + *) Reorder cleanup sequence in SSL_CTX_free(): only remove the ex_data after + the cached sessions are flushed, as the remove_cb() might use ex_data + contents. Bug found by Sam Varshavchik + (see [openssl.org #212]). + [Geoff Thorpe, Lutz Jaenicke] + *) Fix typo in OBJ_txt2obj which incorrectly passed the content length, instead of the encoding length to d2i_ASN1_OBJECT. [Steve Henson] diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index ab172aeaec..4bc4ce5b3a 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -1405,13 +1405,24 @@ void SSL_CTX_free(SSL_CTX *a) abort(); /* ok */ } #endif - CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_CTX, a, &a->ex_data); + /* + * Free internal session cache. However: the remove_cb() may reference + * the ex_data of SSL_CTX, thus the ex_data store can only be removed + * after the sessions were flushed. + * As the ex_data handling routines might also touch the session cache, + * the most secure solution seems to be: empty (flush) the cache, then + * free ex_data, then finally free the cache. + * (See ticket [openssl.org #212].) + */ if (a->sessions != NULL) - { SSL_CTX_flush_sessions(a,0); + + CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_CTX, a, &a->ex_data); + + if (a->sessions != NULL) lh_free(a->sessions); - } + if (a->cert_store != NULL) X509_STORE_free(a->cert_store); if (a->cipher_list != NULL)