Hi ,

While looking at this commit
https://github.com/openssl/openssl/commit/64b25758edca688a30f02c260262150f7ad0bc7d

I noticed a code path that can trigger a REF_CHECK error message "...,
bad reference count\n" in some particular case.
I see the same pattern in other places in the code.

I have not checked whether this issue is present in any released branch, but
I guess it is possible.

Please find attached the fix related to the trunk/master code.

Regards,
Filipe DA SILVA

Index: crypto/asn1/x_pkey.c
===================================================================
diff --git a/trunk/crypto/asn1/x_pkey.c b/trunk/crypto/asn1/x_pkey.c
--- a/trunk/crypto/asn1/x_pkey.c	(revision 22289)
+++ b/trunk/crypto/asn1/x_pkey.c	(working copy)
@@ -70,11 +70,12 @@
     if (!ret)
         goto err;
 
+    ret->references = 1;
     ret->enc_algor = X509_ALGOR_new();
     ret->enc_pkey = ASN1_OCTET_STRING_new();
     if (!ret->enc_algor || !ret->enc_pkey)
         goto err;
-    ret->references = 1;
+
     return ret;
 err:
     X509_PKEY_free(ret);
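Review bot: The new position of `ret->references = 1;` is load-bearing, but nothing in the code says so. It has to come before the first `goto err` that follows a successful allocation, because the `err:` path calls `X509_PKEY_free(ret)`, which presumably decrements the count and reports "bad reference count" under REF_CHECK when it starts at zero. A one-line comment such as `/* set before any goto err: X509_PKEY_free() decrements references */` would keep a later tidy-up from moving the assignment back down; the same comment fits the moved assignments in ssl/ssl_cert.c and ssl/ssl_lib.c. The added blank line before `return ret;` is unrelated whitespace and could be dropped. The start of the function and the rest of the `err:` path are outside the hunk.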
Index: ssl/ssl_cert.c
===================================================================
diff --git a/trunk/ssl/ssl_cert.c b/trunk/ssl/ssl_cert.c
--- a/trunk/ssl/ssl_cert.c	(revision 22289)
+++ b/trunk/ssl/ssl_cert.c	(working copy)
@@ -192,6 +192,7 @@
         return (NULL);
     }
 
+    ret->references = 1;
     ret->key = &ret->pkeys[cert->key - cert->pkeys];
 
 #ifndef OPENSSL_NO_RSA
@@ -278,7 +279,6 @@
         }
     }
 
-    ret->references = 1;
     /* Configured sigalgs copied across */
     if (cert->conf_sigalgs) {
         ret->conf_sigalgs = OPENSSL_malloc(cert->conf_sigalgslen);
Index: ssl/ssl_lib.c
===================================================================
diff --git a/trunk/ssl/ssl_lib.c b/trunk/ssl/ssl_lib.c
--- a/trunk/ssl/ssl_lib.c	(revision 22289)
+++ b/trunk/ssl/ssl_lib.c	(working copy)
@@ -286,6 +286,7 @@
     s->options = ctx->options;
     s->mode = ctx->mode;
     s->max_cert_list = ctx->max_cert_list;
+    s->references = 1;
 
     /*
      * Earlier library versions used to copy the pointer to the CERT, not
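Review bot: `s->references = 1;` is placed after three field copies rather than directly after the allocation check, unlike the x_pkey.c and ssl_cert.c hunks. The part of the function between the allocation of `s` and this line is outside the hunk, so if anything there can `goto err`, the free on the error path would still see a zero count. Making the assignment the first statement after the NULL check on `s` would make the invariant hold by construction and keep the three files consistent.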
@@ -372,7 +373,6 @@
     if (!s->method->ssl_new(s))
         goto err;
 
-    s->references = 1;
     s->server = (ctx->method->ssl_accept == ssl_undefined_function) ? 0 : 1;
 
     if (!SSL_clear(s))