authorDr. David von Oheimb <David.von.Oheimb@siemens.com>2022-01-03 17:03:13 +0100
committerDr. David von Oheimb <dev@ddvo.net>2022-01-04 17:02:06 +0100
commit97b8c859c64bc60fcf5bb27ed51489c81fde41b3 (patch)
treedd3e59ab5668bb9756b3157296b8092af101f49d /apps/lib
parent2e6afe1079c6993868c5d8a813605d16980e8e10 (diff)
downloadopenssl-new-97b8c859c64bc60fcf5bb27ed51489c81fde41b3.tar.gz
app_http_tls_cb: Fix double-free in case TLS not used
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17400)
Diffstat (limited to 'apps/lib')
-rw-r--r--apps/lib/apps.c19
1 files changed, 11 insertions, 8 deletions
diff --git a/apps/lib/apps.c b/apps/lib/apps.c
index 328b0addb4..3b0266f158 100644
--- a/apps/lib/apps.c
+++ b/apps/lib/apps.c
@@ -2464,9 +2464,10 @@ static const char *tls_error_hint(void)
/* HTTP callback function that supports TLS connection also via HTTPS proxy */
BIO *app_http_tls_cb(BIO *bio, void *arg, int connect, int detail)
{
+ APP_HTTP_TLS_INFO *info = (APP_HTTP_TLS_INFO *)arg;
+ SSL_CTX *ssl_ctx = info->ssl_ctx;
+
if (connect && detail) { /* connecting with TLS */
- APP_HTTP_TLS_INFO *info = (APP_HTTP_TLS_INFO *)arg;
- SSL_CTX *ssl_ctx = info->ssl_ctx;
SSL *ssl;
BIO *sbio = NULL;
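Review bot: `info->ssl_ctx` is now read on every invocation of the callback, including disconnect calls and connect calls without TLS, whereas before it was read only inside `if (connect && detail)`. If any caller passes a NULL `arg` when TLS is not in use (the callers are not visible from this hunk), the hoisted line becomes a NULL dereference on the very path this commit is meant to make safe. Either state the precondition above the function, e.g. `/* arg must point to a valid APP_HTTP_TLS_INFO, also when TLS is not used */`, or tolerate it with `SSL_CTX *ssl_ctx = info != NULL ? info->ssl_ctx : NULL;`. The function body continues past the end of this hunk.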
@@ -2500,12 +2501,14 @@ BIO *app_http_tls_cb(BIO *bio, void *arg, int connect, int detail)
if (hint != NULL)
ERR_add_error_data(2, " : ", hint);
}
- (void)ERR_set_mark();
- BIO_ssl_shutdown(bio);
- cbio = BIO_pop(bio); /* connect+HTTP BIO */
- BIO_free(bio); /* SSL BIO */
- (void)ERR_pop_to_mark(); /* hide SSL_R_READ_BIO_NOT_SET etc. */
- bio = cbio;
+ if (ssl_ctx != NULL) {
+ (void)ERR_set_mark();
+ BIO_ssl_shutdown(bio);
+ cbio = BIO_pop(bio); /* connect+HTTP BIO */
+ BIO_free(bio); /* SSL BIO */
+ (void)ERR_pop_to_mark(); /* hide SSL_R_READ_BIO_NOT_SET etc. */
+ bio = cbio;
+ }
}
return bio;
}
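Review bot: The new `if (ssl_ctx != NULL)` guard decides whether to pop and free the top BIO from the configuration, not from what is actually on the BIO chain. If the TLS connect step can fail before the SSL BIO is pushed and the disconnect call is still made, `BIO_free(bio)` would again free the caller's connect BIO; the connect branch lies outside this hunk, so this is unconfirmed. At minimum, record the invariant the guard relies on with a comment such as `/* an SSL BIO is on top only if TLS was set up; otherwise bio is the caller's connect BIO and must not be freed here */`. The enclosing branch and the declaration of `cbio` begin outside the hunk.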