mirrors/openssl
0
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2024-11-24 10:34:12 +08:00
Code Issues Packages Projects Releases Wiki Activity

Only free the read buffers if we're not using them

Browse Source 
If we're part way through processing a record, or the application has
not released all the records then we should not free our buffer because
they are still needed.

CVE-2024-4741

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24395)
This commit is contained in:
Matt Caswell 2024-04-23 16:34:46 +01:00
parent da9342ed5e
commit 38690cab18
1 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
ssl/record/methods/tls_common.c
View File

@ -2129,7 +2129,10 @@ int tls_free_buffers(OSSL_RECORD_LAYER *rl)
/* Read direction */
/* If we have pending data to be read then fail */
if (rl->curr_rec < rl->num_recs || TLS_BUFFER_get_left(&rl->rbuf) != 0)
if (rl->curr_rec < rl->num_recs
|| rl->curr_rec != rl->num_released
|| TLS_BUFFER_get_left(&rl->rbuf) != 0
|| rl->rstate == SSL_ST_READ_BODY)
return 0;
return tls_release_read_buffer(rl);