From: Matt Caswell Date: Tue, 16 Jun 2020 16:40:40 +0000 (+0100) Subject: Don't attempt to duplicate the BIO state in SSL_dup X-Git-Tag: OpenSSL_1_1_1h~41 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4864a232ee7f901388532f65911866ca2478cfa9;p=thirdparty%2Fopenssl.git Don't attempt to duplicate the BIO state in SSL_dup SSL_dup attempted to duplicate the BIO state if the source SSL had BIOs configured for it. This did not work. Firstly the SSL_dup code was passing a BIO ** as the destination argument for BIO_dup_state. However BIO_dup_state expects a BIO * for that parameter. Any attempt to use this will either (1) fail silently, (2) crash or fail in some other strange way. Secondly many BIOs do not implement the BIO_CTRL_DUP ctrl required to make this work. Thirdly, if rbio == wbio in the original SSL object, then an attempt is made to up-ref the BIO in the new SSL object - even though it hasn't been set yet and is NULL. This results in a crash. This appears to have been broken for a very long time with at least some of the problems described above coming from SSLeay. The simplest approach is to just remove this capability from the function. Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/12245) --- diff --git a/doc/man3/SSL_new.pod b/doc/man3/SSL_new.pod index ac4b7a46cd8..49861322868 100644 --- a/doc/man3/SSL_new.pod +++ b/doc/man3/SSL_new.pod @@ -73,9 +73,6 @@ L =item any configured Cipher List -=item any BIOs configured on I will have new BIO's created and the BIO state -duplicated via BIO_dup_state(). - =item initial accept (server) or connect (client) state =item the max cert list value set via L diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 1d96eb4d3b7..f6a4964ed27 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c 
@@ -3841,21 +3841,6 @@ SSL *SSL_dup(SSL *s) if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_SSL, &ret->ex_data, &s->ex_data)) goto err; - /* setup rbio, and wbio */ - if (s->rbio != NULL) { - if (!BIO_dup_state(s->rbio, (char *)&ret->rbio)) - goto err; - } - if (s->wbio != NULL) { - if (s->wbio != s->rbio) { - if (!BIO_dup_state(s->wbio, (char *)&ret->wbio)) - goto err; - } else { - BIO_up_ref(ret->rbio); - ret->wbio = ret->rbio; - } - } - ret->server = s->server; if (s->handshake_func) { if (s->server)
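Review bot: In the doc/man3/SSL_new.pod hunk, the "=item any BIOs configured on ..." entry is deleted with nothing put in its place, so the list of what SSL_dup() copies no longer mentions BIOs at all. Suggest adding a sentence that states outright that SSL_dup() does not duplicate or create BIOs and that the caller has to set them on the returned SSL. Applications written against the old wording, which promised duplication via BIO_dup_state(), otherwise get no hint that the behaviour has changed.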
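Review bot: In the ssl/ssl_lib.c hunk for SSL_dup(), removing the "/* setup rbio, and wbio */" block means this function no longer touches ret->rbio or ret->wbio, and the visible diff adds no regression test for that. Suggest a test that calls SSL_dup() on an SSL with BIOs configured, including the rbio == wbio case that the commit message says crashed through BIO_up_ref(ret->rbio), and checks that the call succeeds and the duplicate carries no BIOs. A one-line comment at the removal site saying BIOs are deliberately not duplicated would also make it less likely that the block comes back with the same (char *)&ret->rbio cast, which hid the BIO ** versus BIO * mismatch from the compiler.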