From: Hugo Landau Date: Mon, 5 Feb 2024 17:32:51 +0000 (+0000) Subject: QUIC APL: Fix refcounting for listeners X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1880fbf655282ab9eceb336ae8b70fc7ed27d45a;p=thirdparty%2Fopenssl.git QUIC APL: Fix refcounting for listeners Reviewed-by: Matt Caswell Reviewed-by: Neil Horman (Merged from https://github.com/openssl/openssl/pull/23334) --- diff --git a/ssl/quic/quic_impl.c b/ssl/quic/quic_impl.c index f6a8ed3f678..65cf9794740 100644 --- a/ssl/quic/quic_impl.c +++ b/ssl/quic/quic_impl.c @@ -546,17 +546,18 @@ static void qc_cleanup(QUIC_CONNECTION *qc, int have_lock) quic_unref_port_bios(qc->port); ossl_quic_port_free(qc->port); qc->port = NULL; - } - ossl_quic_engine_free(qc->engine); - qc->engine = NULL; + ossl_quic_engine_free(qc->engine); + qc->engine = NULL; + } if (have_lock) /* tsan doesn't like freeing locked mutexes */ ossl_crypto_mutex_unlock(qc->mutex); #if defined(OPENSSL_THREADS) - ossl_crypto_mutex_free(&qc->mutex); + if (qc->listener == NULL) + ossl_crypto_mutex_free(&qc->mutex); #endif } @@ -662,6 +663,10 @@ void ossl_quic_free(SSL *s) * us */ qc_cleanup(ctx.qc, /*have_lock=*/1); + /* Note: SSL_free calls OPENSSL_free(qc) for us */ + + if (ctx.qc->listener != NULL) + SSL_free(&ctx.qc->listener->obj.ssl); } /* SSL method init */ @@ -4185,8 +4190,14 @@ static QUIC_CONNECTION *create_qc_from_incoming_conn(QUIC_LISTENER *ql, QUIC_CHA { QUIC_CONNECTION *qc = NULL; + if (!SSL_up_ref(&ql->obj.ssl)) { + QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_INTERNAL_ERROR, NULL); + goto err; + } + if ((qc = OPENSSL_zalloc(sizeof(*qc))) == NULL) { QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_CRYPTO_LIB, NULL); + SSL_free(&ql->obj.ssl); goto err; } @@ -4194,6 +4205,7 @@ static QUIC_CONNECTION *create_qc_from_incoming_conn(QUIC_LISTENER *ql, QUIC_CHA SSL_TYPE_QUIC_CONNECTION, &ql->obj.ssl, NULL, NULL)) { QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_INTERNAL_ERROR, NULL); + SSL_free(&ql->obj.ssl); goto err; }