Ensure SSL_get_app_data() continues to work even in SSL_free()

During SSL_free() we may get a QUIC TLS callback being called to clean up
any remaining record data. We should ensure that SSL_get_app_data()
continues to work, even in this scenario.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27091)

diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index fd0d6e2bb74731eb13d7887aead96d2903a8684b..912c6b121e7331ed6f59fb162a423ce9de4030ff 100644 (file)
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -1428,11 +1428,10 @@ void SSL_free(SSL *s)
         return;
     REF_ASSERT_ISNT(i < 0);
 
-    CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data);
-
     if (s->method != NULL)
         s->method->ssl_free(s);
 
+    CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data);
     SSL_CTX_free(s->ctx);
     CRYPTO_THREAD_lock_free(s->lock);
     CRYPTO_FREE_REF(&s->references);
@@ -1448,15 +1447,17 @@ void ossl_ssl_connection_free(SSL *ssl)
     if (s == NULL)
         return;
 
-    X509_VERIFY_PARAM_free(s->param);
-    dane_final(&s->dane);
-
-    /* Ignore return value */
+    /*
+     * Ignore return values. This could result in user callbacks being called
+     * e.g. for the QUIC TLS record layer. So we do this early before we have
+     * freed other things.
+     */
     ssl_free_wbio_buffer(s);
-
-    /* Ignore return value */
     RECORD_LAYER_clear(&s->rlayer);
 
+    X509_VERIFY_PARAM_free(s->param);
+    dane_final(&s->dane);
+
     BUF_MEM_free(s->init_buf);
 
     /* add extra stuff */