Posted to commits@trafficserver.apache.org by zw...@apache.org on 2020/07/14 15:51:36 UTC
[trafficserver] branch 8.1.x updated: Fixes use after free when boringssl is used (#6998)
This is an automated email from the ASF dual-hosted git repository.
zwoop pushed a commit to branch 8.1.x
in repository https://gitbox.apache.org/repos/asf/trafficserver.git
The following commit(s) were added to refs/heads/8.1.x by this push:
new 9fdb4f6 Fixes use after free when boringssl is used (#6998)
9fdb4f6 is described below
commit 9fdb4f6ff8a78bf2af5498e328a4ae3d35122901
Author: Randall Meyer <rr...@apache.org>
AuthorDate: Tue Jul 14 08:51:21 2020 -0700
Fixes use after free when boringssl is used (#6998)
Ownership of the ca_list is transferred when SSL_CTX_set_client_CA_list
is called. This change delays that transfer to after the elements are
hashed.
(cherry picked from commit be234547bde4bb50e7b05a0cae37a1efaa45eac6)
Conflicts:
iocore/net/SSLUtils.cc
---
iocore/net/SSLUtils.cc | 8 +++-----
1 file changed, 3 insertions(+), 5 deletions(-)
diff --git a/iocore/net/SSLUtils.cc b/iocore/net/SSLUtils.cc
index 2787f3c..7ffcb41 100644
--- a/iocore/net/SSLUtils.cc
+++ b/iocore/net/SSLUtils.cc
@@ -1879,13 +1879,8 @@ SSLInitServerContext(const SSLConfigParams *params, const ssl_user_config *sslMu
SSL_CTX_set_verify_depth(ctx, params->verify_depth); // might want to make configurable at some point.
}
- // Set the list of CA's to send to client if we ask for a client
- // certificate
if (params->serverCACertFilename) {
ca_list = SSL_load_client_CA_file(params->serverCACertFilename);
- if (ca_list) {
- SSL_CTX_set_client_CA_list(ctx, ca_list);
- }
}
if (EVP_DigestInit_ex(digest, evp_md_func, nullptr) == 0) {
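Review bot: this hunk removes the `if (ca_list)` guard together with the `SSL_CTX_set_client_CA_list` call, and the second hunk re-adds the call without any null check. `SSL_load_client_CA_file` returns NULL when `params->serverCACertFilename` cannot be opened or parsed, and nothing is assigned here at all when the filename is not configured, so please confirm the new call site can only be reached with a non-null list, or restore the guard there. Separately, a NULL return from `SSL_load_client_CA_file` is still silently ignored at this point; logging it would make a missing or malformed CA file visible instead of quietly disabling the CA-name advertisement to clients.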
@@ -1912,6 +1907,9 @@ SSLInitServerContext(const SSLConfigParams *params, const ssl_user_config *sslMu
goto fail;
}
}
+
+ // Set the list of CA's to send to client if we ask for a client certificate
+ SSL_CTX_set_client_CA_list(ctx, ca_list);
}
if (EVP_DigestFinal_ex(digest, hash_buf, &hash_len) == 0) {
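Review bot: with the call moved here, ownership of `ca_list` transfers at this line, so two things need checking: nothing may read `ca_list` after it, and any `goto fail` taken between `SSL_load_client_CA_file` and this call now leaves the function holding an un-transferred list, so the `fail:` path (not shown in the hunk) must free it, which the old placement did not require because the ctx took the list immediately. Since the commit message records a cherry-pick conflict in this file, please also verify the resolved position matches be234547 on master, i.e. the call comes after the loop that hashes the CA names, because that loop reading a list BoringSSL has already consumed is the use-after-free being fixed. Minor: the new comment should read `CAs` rather than `CA's`.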