Fix null pointer dereference when memory allocation fails #21606

yangyangtiantianlonglong · 2023-07-31T14:13:30Z

A null pointer dereference occurs when memory allocation fails
Fixes #21605

ssl/ssl_sess.c

nit

ssl/ssl_sess.c

Fixes openssl#21605

mspncp · 2023-08-01T09:13:39Z

Side note: looking at the source code for 3.0

openssl/ssl/ssl_sess.c

Lines 820 to 826 in bbc1aa9

    
           void SSL_SESSION_free(SSL_SESSION *ss) 
        
           { 
        
               int i; 
        
               if (ss == NULL) 
        
                   return; 
        
               CRYPTO_DOWN_REF(&ss->references, &i, ss->lock);

and 3.1,

openssl/ssl/ssl_sess.c

Lines 822 to 828 in 162b5a3

    
           void SSL_SESSION_free(SSL_SESSION *ss) 
        
           { 
        
               int i; 
        
               if (ss == NULL) 
        
                   return; 
        
               CRYPTO_DOWN_REF(&ss->references, &i, ss->lock);

it seems like the fix needs to be applied to the 3.0 and 3.1 branches as well (and it cherry-picks cleanly). However, looking at @paulidale's commit 99fd5b2 it turns out not to be an issue because the lock parameter is ignored in CRYPTO_DOWN_REF().

yangyangtiantianlonglong · 2023-08-01T09:22:07Z

Side note: looking at the source code for 3.0

openssl/ssl/ssl_sess.c

Lines 820 to 826 in bbc1aa9

void SSL_SESSION_free(SSL_SESSION *ss)

{

int i;

if (ss == NULL)

return;

CRYPTO_DOWN_REF(&ss->references, &i, ss->lock);

and 3.1,

openssl/ssl/ssl_sess.c

Lines 822 to 828 in 162b5a3

void SSL_SESSION_free(SSL_SESSION *ss)

{

int i;

if (ss == NULL)

return;

CRYPTO_DOWN_REF(&ss->references, &i, ss->lock);

it seems like the fix needs to be applied to the 3.0 and 3.1 branches as well (and it cherry-picks cleanly). However, looking at @paulidale's commit 99fd5b2 it turns out not to be an issue because the lock parameter is ignored in CRYPTO_DOWN_REF().

yes，I only encountered this issue with GCC 4.1.1 and openssl-1.1.1.

openssl-machine · 2023-08-02T10:00:16Z

This pull request is ready to merge

Fixes #21605 Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from #21606)

hlandau · 2023-08-02T19:25:42Z

Merged to 1.1.1, 3.1 and 3.0. Does not appear to be applicable to master.

Fixes #21605 Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from #21606) (cherry picked from commit a8da305)

Fixes openssl#21605 Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from openssl#21606) (cherry picked from commit a8da305)

yangyangtiantianlonglong force-pushed the openssl_1_1_1_fix branch from 18425f5 to 7838cb5 Compare July 31, 2023 14:19

t8m previously approved these changes Jul 31, 2023

View reviewed changes

t8m self-requested a review July 31, 2023 20:01

t8m reviewed Jul 31, 2023

View reviewed changes

ssl/ssl_sess.c Outdated Show resolved Hide resolved

yangyangtiantianlonglong force-pushed the openssl_1_1_1_fix branch from 7838cb5 to d1657ce Compare August 1, 2023 01:17

yangyangtiantianlonglong requested a review from t8m August 1, 2023 01:18

paulidale approved these changes Aug 1, 2023

View reviewed changes

paulidale removed the approval: otc review pending This pull request needs review by an OTC member label Aug 1, 2023

mspncp requested changes Aug 1, 2023

View reviewed changes

ssl/ssl_sess.c Outdated Show resolved Hide resolved

tom-cosgrove-arm changed the title ~~A null pointer dereference occurs when memory allocation fails~~ Fix null pointer dereference when memory allocation fails Aug 1, 2023

A null pointer dereference occurs when memory allocation fails

75fb985

Fixes openssl#21605

yangyangtiantianlonglong force-pushed the openssl_1_1_1_fix branch from d1657ce to 75fb985 Compare August 1, 2023 09:13

yangyangtiantianlonglong requested a review from mspncp August 1, 2023 09:15

mspncp approved these changes Aug 1, 2023

View reviewed changes

hlandau approved these changes Aug 1, 2023

View reviewed changes

hlandau added approval: done This pull request has the required number of approvals and removed approval: review pending This pull request needs review by a committer labels Aug 1, 2023

t8m added branch: master Merge to master branch branch: 3.0 Merge to openssl-3.0 branch branch: 3.1 Merge to openssl-3.1 labels Aug 1, 2023

openssl-machine added approval: ready to merge The 24 hour grace period has passed, ready to merge and removed approval: done This pull request has the required number of approvals labels Aug 2, 2023

hlandau removed the branch: master Merge to master branch label Aug 2, 2023

hlandau closed this Aug 2, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Fix null pointer dereference when memory allocation fails #21606

Fix null pointer dereference when memory allocation fails #21606

yangyangtiantianlonglong commented Jul 31, 2023 •

edited

mspncp commented Aug 1, 2023

yangyangtiantianlonglong commented Aug 1, 2023

openssl-machine commented Aug 2, 2023

hlandau commented Aug 2, 2023

Fix null pointer dereference when memory allocation fails #21606

Fix null pointer dereference when memory allocation fails #21606

Conversation

yangyangtiantianlonglong commented Jul 31, 2023 • edited

mspncp commented Aug 1, 2023

yangyangtiantianlonglong commented Aug 1, 2023

openssl-machine commented Aug 2, 2023

hlandau commented Aug 2, 2023

yangyangtiantianlonglong commented Jul 31, 2023 •

edited