Heap use after free in ENGINE_remove #16735
Comments
One additional questionable thing is, when I remove the line
I can't explain this part since there is a problem in the dasync engine. How have you tested other engines? The problem is here: Lines 313 to 318 in 657d192
The dasync engine frees the EVP_PKEY_METHOD it previously created and set here: Line 234 in 657d192
But actually this is incorrect since libcrypto automatically frees all the EVP_PKEY_METHODs for you when it removes the ENGINE: openssl/crypto/engine/tb_pkmeth.c Lines 98 to 117 in 657d192
This is because the 1.1.1 dasync engine does not support an EVP_PKEY_METHOD but it does in master/3.0.
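The ownership rule in the comment above, reduced to a small model. This is an added example, not OpenSSL or dasync code: every name in it is hypothetical, and the order in which the library releases methods and runs the engine's destroy hook is an assumption of the model.

```c
#include <stddef.h>

/* Constructed model of the ownership rule described above; none of these
 * names are OpenSSL APIs. Releases are counted instead of calling free(),
 * so a double release is observable without undefined behaviour. */

typedef struct { int releases; } method;   /* stands in for EVP_PKEY_METHOD */

typedef struct engine engine;
struct engine {
    method *registered[4];                 /* methods handed to the library */
    size_t  count;
    void  (*destroy)(engine *);            /* engine's own cleanup hook */
};

static void method_release(method *m) { if (m) m->releases++; }

/* Library side: on removal it releases every registered method itself,
 * then runs the engine's destroy hook (ordering is a model assumption). */
static void library_remove(engine *e)
{
    for (size_t i = 0; i < e->count; i++)
        method_release(e->registered[i]);
    if (e->destroy)
        e->destroy(e);
    e->count = 0;
}

/* Buggy engine: also releases the method it registered earlier. */
static void destroy_buggy(engine *e) { method_release(e->registered[0]); }

/* Corrected engine: leaves registered methods to the library. */
static void destroy_fixed(engine *e) { (void)e; }

/* Returns how many times the registered method was released. */
static int releases_after_remove(void (*destroy)(engine *))
{
    method m = { 0 };
    engine e = { { &m }, 1, destroy };
    library_remove(&e);
    return m.releases;
}

int main(void)
{
    /* Exit status 0 when the buggy hook double-releases and the fixed one does not. */
    return !(releases_after_remove(destroy_buggy) == 2 &&
             releases_after_remove(destroy_fixed) == 1);
}
```

With real allocations the second release in the buggy hook touches memory that has already been freed, which is the class of error AddressSanitizer reports.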
okay, my fault. I thought I had seen that also with ossltest / aes_128_cbc, but when I tried it again,
And what do you think about the OPENSSL_INIT_ENGINE_DYNAMIC no longer needed, is that on purpose?
This looks like a bug in 1.1.1 to me. You should not need to call In this case it looks like that bug was fixed by #11543 (a5c864c), and it should be backported to 1.1.1.
Fixes: openssl#16724 Fixes: openssl#16735
…gines() is performed. Backport of commit a5c864c (PR11543) to 1.1.1. See also openssl#16735 Fixes openssl#11510
When I compile the test case from #7950 with address sanitizer there is a heap use after free:
#7950 (comment)
I think this is a different issue than #16724 since it happens with every engine
not only dasync, and also here the test case is okay in 1.1.1 but broken in master.