summaryrefslogtreecommitdiffstats
path: root/crypto
diff options
context:
space:
mode:
authorBenjamin Kaduk <bkaduk@akamai.com>2017-10-27 16:54:14 +0200
committerBen Kaduk <kaduk@mit.edu>2017-10-30 16:38:01 +0100
commitf403feea11d1ea26fd5b7d9732361cfc3f9f91a9 (patch)
treed1529b103cd0fb5478e4a973b014f0c5c49ba3c4 /crypto
parentFix memory leak in crltest error case (diff)
downloadopenssl-f403feea11d1ea26fd5b7d9732361cfc3f9f91a9.tar.xz
openssl-f403feea11d1ea26fd5b7d9732361cfc3f9f91a9.zip
Prevent NULL dereference in async clear-fd code
If the list of fds contains only (one or more) entries marked as deleted prior to the entry currently being deleted, and the entry currently being deleted was only just added, the 'prev' pointer would never be updated from its initial NULL value, and we would dereference NULL while trying to remove the entry from the linked list. Reported by Coverity. Reviewed-by: Kurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/4602)
Diffstat (limited to 'crypto')
-rw-r--r--crypto/async/async_wait.c1
1 files changed, 1 insertions, 0 deletions
diff --git a/crypto/async/async_wait.c b/crypto/async/async_wait.c
index e115985d22..a88c2dbb92 100644
--- a/crypto/async/async_wait.c
+++ b/crypto/async/async_wait.c
@@ -145,6 +145,7 @@ int ASYNC_WAIT_CTX_clear_fd(ASYNC_WAIT_CTX *ctx, const void *key)
while (curr != NULL) {
if (curr->del == 1) {
/* This one has been marked deleted already so do nothing */
+ prev = curr;
curr = curr->next;
continue;
}