[Openvpn-devel] [XS] Change in openvpn[master]: ssl_openssl.c: Prevent potential double-free

Thu, 17 Apr 2025 04:47:49 -0700 

Attention is currently required from: flichtenheld, ordex, plaisthos, stipa.

Hello flichtenheld, ordex, plaisthos,

I'd like you to reexamine a change. Please visit

    http://gerrit.openvpn.net/c/openvpn/+/942?usp=email

to look at the new patch set (#3).


Change subject: ssl_openssl.c: Prevent potential double-free
......................................................................

ssl_openssl.c: Prevent potential double-free

Fixes a potential double-free issue in tls_ctx_load_cert_uri()
by explicitly nullifying the pointer immediately after calling 
OSSL_STORE_INFO_free(info).

This ensures that subsequent cleanup won't attempt to free the same pointer 
again.

GitHub: #726

Change-Id: I4507be07cd5573b2117e837ef03187535a38a4b1
Signed-off-by: Lev Stipakov <l...@openvpn.net>
---
M src/openvpn/ssl_openssl.c
1 file changed, 3 insertions(+), 0 deletions(-)


  git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/42/942/3

diff --git a/src/openvpn/ssl_openssl.c b/src/openvpn/ssl_openssl.c
index d1d5d3e..a9e002c 100644
--- a/src/openvpn/ssl_openssl.c
+++ b/src/openvpn/ssl_openssl.c
@@ -1152,6 +1152,7 @@
         goto end;
     }
     OSSL_STORE_INFO_free(info);
+    info = NULL;

     /* iterate through the store and add extra certificates if any to the 
chain */
     while (!OSSL_STORE_eof(store_ctx))
@@ -1170,6 +1171,7 @@
             break;
         }
         OSSL_STORE_INFO_free(info);
+        info = NULL;
     }

 end:
@@ -1185,6 +1187,7 @@

     UI_destroy_method(ui_method);
     OSSL_STORE_INFO_free(info);
+    info = NULL;
     OSSL_STORE_close(store_ctx);
 #else /* defined(HAVE_OPENSSL_STORE_API */
     ASSERT(0);

--
To view, visit http://gerrit.openvpn.net/c/openvpn/+/942?usp=email
To unsubscribe, or for help writing mail filters, visit 
http://gerrit.openvpn.net/settings

Gerrit-Project: openvpn
Gerrit-Branch: master
Gerrit-Change-Id: I4507be07cd5573b2117e837ef03187535a38a4b1
Gerrit-Change-Number: 942
Gerrit-PatchSet: 3
Gerrit-Owner: stipa <lstipa...@gmail.com>
Gerrit-Reviewer: flichtenheld <fr...@lichtenheld.com>
Gerrit-Reviewer: ordex <anto...@mandelbit.com>
Gerrit-Reviewer: plaisthos <arne-open...@rfc2549.org>
Gerrit-CC: openvpn-devel <openvpn-devel@lists.sourceforge.net>
Gerrit-Attention: plaisthos <arne-open...@rfc2549.org>
Gerrit-Attention: flichtenheld <fr...@lichtenheld.com>
Gerrit-Attention: ordex <anto...@mandelbit.com>
Gerrit-Attention: stipa <lstipa...@gmail.com>
Gerrit-MessageType: newpatchset

_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel






















					Reply via email to