It may occur that the qrx we allocate in port_default_packet handler to
do AEAD validation isn't the one the channel ultimately uses (like if we
turn off address validation). In that event, we need to ensure that
anything we have on that qrx isn't returned to its free list to avoid
early freeing when we free the qrx at the end of
port_default_packet_handler, while those frames are still pending on the
channel qrx
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27004)
*/
void ossl_qrx_pkt_release(OSSL_QRX_PKT *pkt);
+/*
+ * Like ossl_qrx_pkt_release, but just ensures that the refcount is dropped
+ * on this qrx_pkt, and ensure its not on any list
+ */
+void ossl_qrx_pkt_orphan(OSSL_QRX_PKT *pkt);
+
/* Increments the reference count for the given packet. */
void ossl_qrx_pkt_up_ref(OSSL_QRX_PKT *pkt);
* port_default_packet_handler() uses ossl_qrx_read_pkt()
* to get pkt. Such packet has refcount 1.
*/
- ossl_qrx_pkt_release(pkt);
+ ossl_qrx_pkt_orphan(pkt);
if (ossl_assert(rxe->refcount == 0))
ossl_list_rxe_insert_tail(&qrx->rx_pending, rxe);
}
qrx_recycle_rxe(pkt->qrx, rxe);
}
+void ossl_qrx_pkt_orphan(OSSL_QRX_PKT *pkt)
+{
+ RXE *rxe;
+
+ if (pkt == NULL)
+ return;
+ rxe = (RXE *)pkt;
+ assert(rxe->refcount > 0);
+ rxe->refcount--;
+ assert(ossl_list_rxe_prev(rxe) == NULL && ossl_list_rxe_next(rxe) == NULL);
+ return;
+}
+
void ossl_qrx_pkt_up_ref(OSSL_QRX_PKT *pkt)
{
RXE *rxe = (RXE *)pkt;
projects / thirdparty / openssl.git / commitdiff
