Skip to content

[pull] master from openssl:master #297

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
pull merged 1 commit into from
Dec 16, 2025
Merged

[pull] master from openssl:master #297

pull merged 1 commit into from
Dec 16, 2025

Conversation

@pull
Copy link

@pull pull bot commented Dec 16, 2025
edited
Loading

See Commits and Changes for more details.

Created by pull[bot] (v2.0.0-alpha.4)

Can you help keep this open source service alive? 💖 Please sponsor : )

@nhorman
Prevent freeing of parent listener in SSL_listen_ex
1bfdcf9 
Its been reported that, when using SSL_listen_ex to obtain a new
connection from a listener, that, if the listener is freed prior to the
obtained connection, we get use-after-free conditions when freeing said
obtained connections.

This occurs because SSL_listen_ex fails to take a reference on the
parent listener SSL object (in the same way that SSL_new_from_listener
does).  If the listener is freed first, then several listener resources
are freed, which the obtained connection still makes use of, hence the
use-after-free.

The fix is to do what SSL_new_from_listener does, namely:
1) Increase the reference count on the listener SSL object.
2) Ensure that the connection qc->listener points to the listener object
   so that, when the connection is freed, we call SSL_free on the
   listener object, dropping the reference count we take in
   SSL_listen_ex.

While we're at it, this PR also modifies the quicapi test for testing
the SSL_listen_ex call, freeing the listener first to ensure that the
increased refcount holds the SSL object data stable until the connection
is freed.

Thanks to Stanislav Fort at Asile Research for pointing out this issue.

fixes openssl/project#1766

Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from #29398)
@pull pull bot locked and limited conversation to collaborators Dec 16, 2025
@pull pull bot added the ⤵️ pull label Dec 16, 2025
@pull pull bot merged commit 1bfdcf9 into All-Blockchains:master Dec 16, 2025
19 checks passed
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

No reviews

Assignees

No one assigned

Labels

⤵️ pull

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@nhorman