BUG ?: ssl_bio.c increase reference count (BIO_push), but doesn't remove it (BIO_pop)

Mon, 25 Nov 2002 23:32:33 -0800 

Env: openssl-0.9.6g (9-aug-2002), VC6/masm, WinXP

Hi,

When you do BIO_push on a SSL BIO object, reference count (CRYPTO_LOCK_BIO)
is increased on next BIO object. The problem is when you later pop the SSL
BIO, then the reference count isn't decreased. This isn't a problem as long
as you're supposed to do BIO_free twice on next BIO (a socket BIO in my
case). I want to do one, single BIO_free on my socket BIO and it should
shutdown/close the socket--but that doesn't work! (Example code below, after
the diff)

Is this correct behavior? Have I missed something? If not, below fix works
for me:

Index: crypto/bio/bio_lib.c
===================================================================
RCS file: c:\cvsroot/openssl-0.9.6g/crypto/bio/bio_lib.c,v
retrieving revision 1.1
diff -u -r1.1 bio_lib.c
--- crypto/bio/bio_lib.c 2 Nov 2002 13:02:10 -0000 1.1
+++ crypto/bio/bio_lib.c 26 Nov 2002 00:48:15 -0000
@@ -381,6 +381,9 @@

  if (b == NULL) return(NULL);
  ret=b->next_bio;
+
+    /* called to do internal process before bio is unlinked */
+    BIO_ctrl(b,BIO_CTRL_POP,0,NULL);

  if (b->prev_bio != NULL)
   b->prev_bio->next_bio=b->next_bio;
@@ -389,7 +392,6 @@

  b->next_bio=NULL;
  b->prev_bio=NULL;
- BIO_ctrl(b,BIO_CTRL_POP,0,NULL);
  return(ret);
  }

Index: ssl/bio_ssl.c
===================================================================
RCS file: c:\cvsroot/openssl-0.9.6g/ssl/bio_ssl.c,v
retrieving revision 1.1
diff -u -r1.1 bio_ssl.c
--- ssl/bio_ssl.c 2 Nov 2002 13:03:47 -0000 1.1
+++ ssl/bio_ssl.c 26 Nov 2002 01:28:44 -0000
@@ -399,6 +399,8 @@
    {
    BIO_free_all(ssl->wbio);
    }
+  if (b->next_bio != NULL)
+   CRYPTO_add(&b->next_bio->references,-1,CRYPTO_LOCK_BIO);
   ssl->wbio=NULL;
   ssl->rbio=NULL;
   break;


Example code:
    ...
    sockbio = BIO_new_socket(s, BIO_CLOSE);
    sslbio = BIO_new_ssl(g_Ssl.ctx, TRUE);
    if (!sslbio)
        goto cleanup;

    BIO_push(sslbio, sockbio);
    if (BIO_do_connect(sslbio) <= 0)
        goto cleanup;

    SendHttpRequest(sslbio);
    ReadHttpResponse(sslbio);

    BIO_ssl_shutdown(sslbio);
    BIO_pop(sslbio);

    success = TRUE;

cleanup:
    /* BUG ?: Have to do BIO_free twice on sockbio, otherwise it won't free
it nor close the socket */
    BIO_free(sockbio);
    BIO_free(sslbio);
    ...


Thanks,
Jonas Sundgren

PS. The same problem exists in openssl-0.9.7-beta4 as well.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to