Fix data race between SSL_SESSION_list_add and ssl_session_dup

author Robert Schulze <robert@clickhouse.com>

Tue, 18 Jun 2024 14:43:26 +0000 (14:43 +0000)

committer Neil Horman <nhorman@openssl.org>

Fri, 21 Jun 2024 11:57:56 +0000 (07:57 -0400)
author Robert Schulze <robert@clickhouse.com>
Tue, 18 Jun 2024 14:43:26 +0000 (14:43 +0000)
committer Neil Horman <nhorman@openssl.org>
Fri, 21 Jun 2024 11:57:56 +0000 (07:57 -0400)
diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c

index 12c64d8b7ae6656ab7a0c626cfaa3bb27e8976d1..4d3bbe84032a62c881ec6510d43622b24a075cfe 100644 (file)
--- a/ssl/ssl_sess.c
+++ b/ssl/ssl_sess.c
@@ -139,7 +139,15 @@ static SSL_SESSION *ssl_session_dup_intern(const SSL_SESSION *src, int ticket)
      dest = OPENSSL_malloc(sizeof(*dest));
      if (dest == NULL)
          return NULL;
-    memcpy(dest, src, sizeof(*dest));
+
+    /*
+     * Copy until prev ptr, because it's a part of sessons cache which can be modified
+     * concurrently. Other fields filled in the code bellow.
+     */
+    memcpy(dest, src, offsetof(SSL_SESSION, prev));
+    dest->ext = src->ext;
+    dest->ticket_appdata_len = src->ticket_appdata_len;
+    dest->flags = src->flags;
  
      /*
       * Set the various pointers to NULL so that we can call SSL_SESSION_free in
author	Robert Schulze <robert@clickhouse.com>
	Tue, 18 Jun 2024 14:43:26 +0000 (14:43 +0000)
committer	Neil Horman <nhorman@openssl.org>
	Fri, 21 Jun 2024 11:57:56 +0000 (07:57 -0400)