The branch master has been updated
via e12813d0d31f4f7be2ccc592d382ef3e94bdb842 (commit)
from 4d55122ee782ebd306ef492f50c9b41e41a56244 (commit)
- Log -----------------------------------------------------------------
commit e12813d0d31f4f7be2ccc592d382ef3e94bdb842
Author: Tomas Mraz <[email protected]>
Date: Thu May 21 13:16:57 2020 +0200
Prevent use after free of global_engine_lock
If buggy application calls engine functions after cleanup of engines
already happened the global_engine_lock will be used although
already freed.
See for example:
https://bugzilla.redhat.com/show_bug.cgi?id=1831086
Reviewed-by: Bernd Edlinger <[email protected]>
(Merged from https://github.com/openssl/openssl/pull/11896)
-----------------------------------------------------------------------
Summary of changes:
crypto/engine/eng_lib.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/crypto/engine/eng_lib.c b/crypto/engine/eng_lib.c
index 4ba235ca75..0cdb3fde42 100644
--- a/crypto/engine/eng_lib.c
+++ b/crypto/engine/eng_lib.c
@@ -171,6 +171,7 @@ void engine_cleanup_int(void)
cleanup_stack = NULL;
}
CRYPTO_THREAD_lock_free(global_engine_lock);
+ global_engine_lock = NULL;
}
/* Now the "ex_data" support */
