Hi all,

I noticed a double free when calling SSL_set_bio(ssl, bio, bio) followed by
either SSL_set_bio(ssl, NULL, NULL) or SSL_set_io_SSL_free(ssl). Valgrind
shows the double free, and I see the assert in
https://github.com/openssl/openssl/blob/master/crypto/bio/bio_lib.c#L122
fail. This is all due to the same bio being used for read and write.
I found that in
https://github.com/openssl/openssl/blob/master/ssl/bio_ssl.c#L331-L332 the
ref-count is manually adjusted, which indeed also fixes my double free.
However, it seems that in a number of other places where SSL_set_bio is
called with equal rbio and wbio, this is not the case, e.g. in
apps/s_server.c (L2157, L2735, L3099) and also in
https://github.com/openssl/openssl/blob/master/ssl/ssl_lib.c#L1161 itself.
So the question is, when exactly is it necessary to manually adjust the ref
count, and couldn't this be done automatically in e.g. SSL_set_bio(ssl,
bio, bio)?

Best wishes,
Mischa Salle
-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
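As an added illustration of the reference-counting problem described in the message above (this is editor-added code, not from the post and not from the OpenSSL sources), the following self-contained C model mimics the relevant semantics: a BIO-like object with a reference count, a set_bio call that takes ownership of one reference per argument and releases the previously installed references, and a free that refuses to go below zero (where bio_lib.c asserts instead). The names toy_bio, toy_bio_up_ref, toy_ssl_set_bio and the "one reference consumed per argument" rule are assumptions of the model, chosen to match what the post reports: passing the same BIO as rbio and wbio without first bumping its count leads to a second release of a single reference, while bumping it (as the post says bio_ssl.c does manually) makes the BIO freed exactly once.

```c
/* Editor-added model of OpenSSL-style BIO reference counting; not OpenSSL
 * code.  toy_bio / toy_bio_up_ref / toy_ssl_set_bio are hypothetical
 * stand-ins for BIO / BIO_up_ref / SSL_set_bio. */
#include <stdio.h>
#include <stdlib.h>

typedef struct {
    int refs;   /* like the BIO's reference counter */
    int freed;  /* set once the object would have been released */
} toy_bio;

typedef struct {
    toy_bio *rbio;
    toy_bio *wbio;
} toy_ssl;

toy_bio *toy_bio_new(void) {
    toy_bio *b = calloc(1, sizeof *b);
    if (b != NULL)
        b->refs = 1;
    return b;
}

/* Take one additional reference, as BIO_up_ref() would. */
void toy_bio_up_ref(toy_bio *b) { b->refs++; }

/* Drop one reference.  bio_lib.c asserts references > 0 here; the model
 * returns -1 instead so a double free is observable in a test. */
int toy_bio_free(toy_bio *b) {
    if (b == NULL)
        return 0;
    if (b->refs <= 0 || b->freed)
        return -1;              /* second release of a single reference */
    if (--b->refs == 0)
        b->freed = 1;           /* real code would release the storage */
    return 0;
}

/* Assumed semantics: the SSL object owns one reference per slot, so
 * installing new BIOs releases one reference for each old slot. */
int toy_ssl_set_bio(toy_ssl *s, toy_bio *rbio, toy_bio *wbio) {
    toy_bio *old_r = s->rbio, *old_w = s->wbio;
    int err = 0;
    s->rbio = rbio;
    s->wbio = wbio;
    if (toy_bio_free(old_r) != 0)
        err = -1;
    if (toy_bio_free(old_w) != 0)
        err = -1;
    return err;
}

/* The situation from the post: one reference, same BIO on both sides.
 * Returns -1 because the second release finds nothing left to drop. */
int scenario_without_up_ref(void) {
    toy_ssl s = {0};
    toy_bio *b = toy_bio_new();
    int rc;
    toy_ssl_set_bio(&s, b, b);            /* SSL now holds two slots */
    rc = toy_ssl_set_bio(&s, NULL, NULL); /* releases twice */
    free(b);
    return rc;
}

/* Same flow with the manual ref-count adjustment: one extra reference so
 * each slot owns its own.  Returns 1 when no error occurred and the BIO
 * ended up released exactly once. */
int scenario_with_up_ref(void) {
    toy_ssl s = {0};
    toy_bio *b = toy_bio_new();
    int rc, freed;
    toy_bio_up_ref(b);                    /* second reference for wbio */
    toy_ssl_set_bio(&s, b, b);
    rc = toy_ssl_set_bio(&s, NULL, NULL);
    freed = b->freed;
    free(b);
    return rc == 0 && freed == 1;
}

int main(void) {
    printf("without up_ref: rc=%d (double free detected)\n",
           scenario_without_up_ref());
    printf("with up_ref:    ok=%d\n", scenario_with_up_ref());
    return 0;
}
```

The model deliberately keeps the struct alive after the count reaches zero so the test can inspect it; the point it demonstrates is that whichever side does the up_ref, the number of references handed over must equal the number of slots that will later be released.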