Reorder cleanup sequence in SSL_CTX_free() to leave ex_data for remove_cb().
Submitted by: Reviewed by: PR: 212
This commit is contained in:
Lutz Jänicke
@@ -1245,13 +1245,24 @@ void SSL_CTX_free(SSL_CTX *a)
|
||||
abort(); /* ok */
|
||||
}
|
||||
#endif
|
||||
|
||||
/*
|
||||
* Free internal session cache. However: the remove_cb() may reference
|
||||
* the ex_data of SSL_CTX, thus the ex_data store can only be removed
|
||||
* after the sessions were flushed.
|
||||
* As the ex_data handling routines might also touch the session cache,
|
||||
* the most secure solution seems to be: empty (flush) the cache, then
|
||||
* free ex_data, then finally free the cache.
|
||||
* (See ticket [openssl.org #212].)
|
||||
*/
|
||||
if (a->sessions != NULL)
|
||||
SSL_CTX_flush_sessions(a,0);
|
||||
|
||||
CRYPTO_free_ex_data(ssl_ctx_meth,(char *)a,&a->ex_data);
|
||||
|
||||
if (a->sessions != NULL)
|
||||
{
|
||||
SSL_CTX_flush_sessions(a,0);
|
||||
lh_free(a->sessions);
|
||||
}
|
||||
lh_free(a->sessions);
|
||||
|
||||
if (a->cert_store != NULL)
|
||||
X509_STORE_free(a->cert_store);
|
||||
if (a->cipher_list != NULL)
|
||||
|
||||
Reference in New Issue
Block a user