Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ossl_provider_add_to_store: Avoid use-after-free #17295

Closed
wants to merge 1 commit into from
Closed

ossl_provider_add_to_store: Avoid use-after-free #17295

wants to merge 1 commit into from

Conversation

t8m
Copy link
Member

@t8m t8m commented Dec 16, 2021

Avoid freeing a provider that was not up-ref-ed before.

Fixes #17292

@t8m
ossl_provider_add_to_store: Avoid use-after-free
98dd7f6 
Avoid freeing a provider that was not up-ref-ed before.

Fixes openssl#17292
@t8m t8m added branch: master Merge to master branch approval: review pending This pull request needs review by a committer triaged: bug The issue/pr is/fixes a bug branch: 3.0 Merge to openssl-3.0 branch labels Dec 16, 2021
@github-actions github-actions bot added the severity: fips change The pull request changes FIPS provider sources label Dec 16, 2021
@t8m t8m added approval: done This pull request has the required number of approvals and removed approval: review pending This pull request needs review by a committer labels Dec 16, 2021
@t8m t8m mentioned this pull request Dec 16, 2021
Closed
@openssl-machine
Copy link
Collaborator

24 hours has passed since 'approval: done' was set, but this PR has failing CI tests. Once the tests pass it will get moved to 'approval: ready to merge' automatically, alternatively please review and set the label manually.

@t8m
Copy link
Member Author

t8m commented Dec 17, 2021

Why does @openssl-machine think the PR has failing CI tests? I do not see them. @mattcaswell @levitte any idea?

@t8m t8m added approval: ready to merge The 24 hour grace period has passed, ready to merge and removed approval: done This pull request has the required number of approvals labels Dec 17, 2021
@mattcaswell
Copy link
Member

No idea

openssl-machine pushed a commit that referenced this pull request Dec 17, 2021
@t8m
ossl_provider_add_to_store: Avoid use-after-free
c526c51 
Avoid freeing a provider that was not up-ref-ed before.

Fixes #17292

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from #17295)

(cherry picked from commit 33df7cb)
openssl-machine pushed a commit that referenced this pull request Dec 17, 2021
@t8m
ossl_provider_add_to_store: Avoid use-after-free
33df7cb 
Avoid freeing a provider that was not up-ref-ed before.

Fixes #17292

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from #17295)
@t8m
Copy link
Member Author

t8m commented Dec 17, 2021

Merged to master and 3.0 branches. Thank you for the review.

@t8m t8m closed this Dec 17, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@paulidale paulidale paulidale left review comments

@mattcaswell mattcaswell mattcaswell approved these changes

Assignees
No one assigned
Labels
approval: ready to merge The 24 hour grace period has passed, ready to merge branch: master Merge to master branch branch: 3.0 Merge to openssl-3.0 branch severity: fips change The pull request changes FIPS provider sources triaged: bug The issue/pr is/fixes a bug
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

possible use-after-free in provider.c (openssl-3.0.0)
4 participants
@t8m @openssl-machine @mattcaswell @paulidale