[BB10-internal] SSL internals: fix memory corruption using QSslConfigurationPrivate

We are passing a QSslConfigurationPrivate that is allocated on the stack
(in QSslSocketBackendPrivate::initSslContext()) to
QSslConfiguration::QSslConfiguration(QSslConfigurationPrivate *dd).
When the SSL context is destroyed, this object is not there any more.
So now we create a deep copy of the configuration like we do in
QSslSocket::sslConfiguration().

Task-number: QTBUG-30648
(backport of commit 3a43aff9deb4af0479914a26d68fb98d313369b6)
Signed-off-by: Peter Hartmann <phartmann@blackberry.com>

Change-Id: I0a39b2bc485ce5a3528b72e6e47c3bd124963b3b

1 files changed, 6 insertions, 2 deletions

diff --git a/src/network/ssl/qsslsocket_openssl.cpp b/src/network/ssl/qsslsocket_openssl.cpp
index 25607dad88..073ad27a4b 100644
--- a/src/network/ssl/qsslsocket_openssl.cpp
+++ b/src/network/ssl/qsslsocket_openssl.cpp
@@ -249,9 +249,13 @@ bool QSslSocketBackendPrivate::initSslContext()
     Q_Q(QSslSocket);
 
     // If no external context was set (e.g. bei QHttpNetworkConnection) we will create a default context
-    if (!sslContextPointer)
+    if (!sslContextPointer) {
+        // create a deep copy of our configuration
+        QSslConfigurationPrivate *configurationCopy = new QSslConfigurationPrivate(configuration);
+        configurationCopy->ref = 0;              // the QSslConfiguration constructor refs up
         sslContextPointer = QSharedPointer<QSslContext>(
-                    QSslContext::fromConfiguration(mode, QSslConfiguration(&configuration), allowRootCertOnDemandLoading));
+                    QSslContext::fromConfiguration(mode, configurationCopy, allowRootCertOnDemandLoading));
+    }
 
     if (sslContextPointer->error() != QSslError::NoError) {
         q->setErrorString(sslContextPointer->errorString());