mirror of
https://github.com/openssl/openssl.git
synced 2025-03-07 19:38:33 +08:00
bcb61b39b4
mac_dupctx() should make a copy of the propq field. Currently it does a shallow copy which can result in a double free and crash. The double free occurs when using a provider property string. For example, passing in "fips=no" to SSL_CTX_new_ex() causes the propq field to get set to that value. When mac_dupctx() and mac_freectx() is called (ie: in SSL_write()) it ends up freeing the reference of the original object instead of a copy. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13926) |
||
|---|---|---|
| .. | ||
| asymciphers | ||
| ciphers | ||
| digests | ||
| encode_decode | ||
| exchange | ||
| include/prov | ||
| kdfs | ||
| kem | ||
| keymgmt | ||
| macs | ||
| rands | ||
| signature | ||
| storemgmt | ||
| build.info | ||