This is an automated email from the ASF dual-hosted git repository.
zwoop pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/trafficserver.git
The following commit(s) were added to refs/heads/9.0.x by this push:
new bea4146 Fixes use after free when boringssl is used (#6985)
bea4146 is described below
commit bea4146fc071147576f0feed6702cea36f5928b0
Author: Randall Meyer <[email protected]>
AuthorDate: Wed Jul 8 15:25:43 2020 -0700
Fixes use after free when boringssl is used (#6985)
Ownership of the ca_list is transferred when SSL_CTX_set_client_CA_list
is called. This change delays that transfer to after the elements are
hashed.
(cherry picked from commit be234547bde4bb50e7b05a0cae37a1efaa45eac6)
---
iocore/net/SSLUtils.cc | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/iocore/net/SSLUtils.cc b/iocore/net/SSLUtils.cc
index 9965120..bc303e3 100644
--- a/iocore/net/SSLUtils.cc
+++ b/iocore/net/SSLUtils.cc
@@ -2191,12 +2191,8 @@ SSLMultiCertConfigLoader::set_session_id_context(SSL_CTX
*ctx, const SSLConfigPa
const char *setting_cert = sslMultCertSettings ?
sslMultCertSettings->cert.get() : nullptr;
bool result = false;
- // Set the list of CA's to send to client if we ask for a client certificate
if (params->serverCACertFilename) {
ca_list = SSL_load_client_CA_file(params->serverCACertFilename);
- if (ca_list) {
- SSL_CTX_set_client_CA_list(ctx, ca_list);
- }
}
if (EVP_DigestInit_ex(digest, evp_md_func, nullptr) == 0) {
@@ -2223,6 +2219,9 @@ SSLMultiCertConfigLoader::set_session_id_context(SSL_CTX
*ctx, const SSLConfigPa
goto fail;
}
}
+
+ // Set the list of CA's to send to client if we ask for a client
certificate
+ SSL_CTX_set_client_CA_list(ctx, ca_list);
}
if (EVP_DigestFinal_ex(digest, hash_buf, &hash_len) == 0) {
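Review bot: With the transfer now made only after the hash loop, the `goto fail` on a digest failure between `ca_list = SSL_load_client_CA_file(...)` in the first hunk and the new `SSL_CTX_set_client_CA_list(ctx, ca_list)` here exits while the loaded CA stack is still owned by this function, so unless the `fail:` label (outside the hunk) already releases it, that stack leaks on the error path; before this change ownership had already moved to ctx at that point. A later `goto fail` after `EVP_DigestFinal_ex` runs once ownership has been handed over, so a blanket free at `fail:` would double-free; clearing the pointer right after the transfer and freeing only a still-owned list avoids that, e.g. `SSL_CTX_set_client_CA_list(ctx, ca_list); ca_list = nullptr;` in the block and `if (ca_list) { sk_X509_NAME_pop_free(ca_list, X509_NAME_free); }` under `fail:`. This assumes ca_list is a local initialised to nullptr and not freed elsewhere; its declaration, the enclosing set_session_id_context body and the fail label all lie outside the hunk.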