Skip to content

Fixes use after free when boringssl is used #6998

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
zwoop merged 1 commit into from
Jul 14, 2020
Merged

Fixes use after free when boringssl is used #6998

zwoop merged 1 commit into from
Jul 14, 2020

Conversation

@randall
Copy link
Contributor

@randall randall commented Jul 13, 2020

Ownership of the ca_list is transferred when SSL_CTX_set_client_CA_list
is called. This change delays that transfer to after the elements are
hashed.

(cherry picked from commit be23454)

Conflicts:
iocore/net/SSLUtils.cc

@randall randall added this to the 8.1.0 milestone Jul 13, 2020
@randall randall requested a review from zwoop July 13, 2020 18:45
@randall randall self-assigned this Jul 13, 2020
@randall
Fixes use after free when boringssl is used
a7e3f7c 
Ownership of the ca_list is transferred when SSL_CTX_set_client_CA_list
is called. This change delays that transfer to after the elements are
hashed.

(cherry picked from commit be23454)

Conflicts:
	iocore/net/SSLUtils.cc
@randall randall force-pushed the boringssl_crash_8.1.x branch from ab7bf59 to a7e3f7c Compare July 13, 2020 18:47
@randall randall changed the title Fixes use after free when boringssl is used (#6985) Fixes use after free when boringssl is used Jul 13, 2020
@randall
Copy link
Contributor Author

randall commented Jul 13, 2020

This is a backport of #6985

@masaori335 masaori335 added the Backport Marked for backport for an LTS patch release label Jul 14, 2020
@zwoop zwoop modified the milestones: 8.1.0, Backported Jul 14, 2020
@zwoop zwoop merged commit 9fdb4f6 into apache:8.1.x Jul 14, 2020
@randall randall deleted the boringssl_crash_8.1.x branch July 14, 2020 16:12
masaori335 pushed a commit to masaori335/trafficserver that referenced this pull request Mar 31, 2021
@zwoop
Merge remote-tracking branch 'asf/8.1.x' into 8.1.x
7570de3 
* asf/8.1.x:
  Updated ChangeLog
  Disable openclose_h2 AuTest on 8.1.x (apache#6990)
  Fixes use after free when boringssl is used (apache#6998)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@zwoop zwoop Awaiting requested review from zwoop

Assignees

@randall randall

Labels

Backport Marked for backport for an LTS patch release

Projects

None yet

Milestone

Backported

Development

Successfully merging this pull request may close these issues.

3 participants

@randall @zwoop @masaori335