Client side CKE processing can double free on error

The tls_client_key_exchange_post_work() frees the pms on error. It also calls ssl_generate_master_secret() which also free the pms. If an error occurs after ssl_generate_master_secret() has been called then a double free can occur. Reviewed-by: N Andy Polyakov <appro@openssl.org>

Client side CKE processing can double free on error
The tls_client_key_exchange_post_work() frees the pms on error. It also calls ssl_generate_master_secret() which also free the pms. If an error occurs after ssl_generate_master_secret() has been called then a double free can occur. Reviewed-by: N Andy Polyakov <appro@openssl.org>
6f137370 · Matt Caswell · b8f1c116 · 6f137370
显示空白变更内容
内联并排

Showing with 8 addition and 2 deletion

ssl/statem/statem_clnt.c ssl/statem/statem_clnt.c +8 -2

未找到文件。
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -2547,6 +2547,9 @@ int tls_client_key_exchange_post_work(SSL *s)
    unsigned char *pms = NULL;
    size_t pmslen = 0;

+    pms = s->s3->tmp.pms;
+    pmslen = s->s3->tmp.pmslen;
+
 #ifndef OPENSSL_NO_SRP
    /* Check for SRP */
    if (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kSRP) {
@@ -2558,8 +2561,6 @@ int tls_client_key_exchange_post_work(SSL *s)
        return 1;
    }
 #endif
-    pms = s->s3->tmp.pms;
-    pmslen = s->s3->tmp.pmslen;

    if (pms == NULL && !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)) {
        ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
@@ -2569,8 +2570,13 @@ int tls_client_key_exchange_post_work(SSL *s)
    if (!ssl_generate_master_secret(s, pms, pmslen, 1)) {
        ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
        SSLerr(SSL_F_TLS_CLIENT_KEY_EXCHANGE_POST_WORK, ERR_R_INTERNAL_ERROR);
+        /* ssl_generate_master_secret frees the pms even on error */
+        pms = NULL;
+        pmslen = 0;
        goto err;
    }
+    pms = NULL;
+    pmslen = 0;

 #ifndef OPENSSL_NO_SCTP
    if (SSL_IS_DTLS(s)) {