Hi,
Coverity thinks that in this sequence b->ptr is used
after free and I have to agree:
case BIO_C_SET_SSL:
if (ssl != NULL)
ssl_free(b); // MARCUS: frees also b->ptr
b->shutdown=(int)num;
ssl=(SSL *)ptr;
((BIO_SSL *)b->ptr)->ssl=ssl; // MARCUS: Derferences freed
b->ptr
bio=SSL_get_rbio(ssl);
if (bio != NULL)
{
if (b->next_bio != NULL)
BIO_push(bio,b->next_bio);
b->next_bio=bio;
CRYPTO_add(&bio->references,1,CRYPTO_LOCK_BIO);
}
b->init=1;
break;
Not sure what was really intended in the second commented line.
Ciao, MArcus
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [email protected]
Automated List Manager [email protected]
