Re: [Openvpn-devel] [PATCH] Fix use-after-free with EVP_CIPHER_free

2023-06-01 Thread Antonio Quartulli

Hi,

On 01/06/2023 11:57, Arne Schwabe wrote:

In many scenerios the context will still have a reference to the cipher, so


scenerios -> scenarios


this use-after-free does not explode but it is still wrong.


Good catch - glad we're so lucky :-)



Change-Id: I59002d6613eaef36d5a47b20b56073e399cfa1df
Signed-off-by: Arne Schwabe 
---
  src/openvpn/crypto_openssl.c | 3 ++-
  1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/openvpn/crypto_openssl.c b/src/openvpn/crypto_openssl.c
index c2ac80b74..8fe56fc78 100644
--- a/src/openvpn/crypto_openssl.c
+++ b/src/openvpn/crypto_openssl.c
@@ -839,11 +839,12 @@ cipher_ctx_init(EVP_CIPHER_CTX *ctx, const uint8_t *key,
  crypto_msg(M_FATAL, "EVP cipher init #2");
  }
  
-EVP_CIPHER_free(kt);

  /* make sure we used a big enough key */
  ASSERT(EVP_CIPHER_CTX_key_length(ctx) <= EVP_CIPHER_key_length(kt));
+EVP_CIPHER_free(kt);
  }
  
+


This is not required - please remove it before merging.


  int
  cipher_ctx_iv_length(const EVP_CIPHER_CTX *ctx)
  {
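Review bot: the relocated EVP_CIPHER_free(kt) at the end of cipher_ctx_init carries no comment saying why it has to come after the ASSERT, which is exactly the ordering this patch corrects. The ASSERT calls EVP_CIPHER_key_length(kt), so it is the last reader of kt in the visible lines; a one-line comment on the free stating that kt must stay valid until that check has run would keep a later cleanup from moving the free back up.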


Acked-by: Antonio Quartulli 


--
Antonio Quartulli


___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel


[Openvpn-devel] [PATCH] Fix use-after-free with EVP_CIPHER_free

2023-06-01 Thread Arne Schwabe
In many scenerios the context will still have a reference to the cipher, so
this use-after-free does not explode but it is still wrong.

Change-Id: I59002d6613eaef36d5a47b20b56073e399cfa1df
Signed-off-by: Arne Schwabe 
---
 src/openvpn/crypto_openssl.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/openvpn/crypto_openssl.c b/src/openvpn/crypto_openssl.c
index c2ac80b74..8fe56fc78 100644
--- a/src/openvpn/crypto_openssl.c
+++ b/src/openvpn/crypto_openssl.c
@@ -839,11 +839,12 @@ cipher_ctx_init(EVP_CIPHER_CTX *ctx, const uint8_t *key,
 crypto_msg(M_FATAL, "EVP cipher init #2");
 }
 
-EVP_CIPHER_free(kt);
 /* make sure we used a big enough key */
 ASSERT(EVP_CIPHER_CTX_key_length(ctx) <= EVP_CIPHER_key_length(kt));
+EVP_CIPHER_free(kt);
 }
 
+
 int
 cipher_ctx_iv_length(const EVP_CIPHER_CTX *ctx)
 {
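Review bot: the lone `+` line after the closing brace of cipher_ctx_init adds an extra blank line before cipher_ctx_iv_length and is unrelated to the use-after-free. Dropping it leaves the patch as the pure move of EVP_CIPHER_free(kt) below the ASSERT, and the diffstat becomes 1 insertion, 1 deletion instead of 2 insertions, 1 deletion.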
-- 
2.39.2 (Apple Git-143)


