From adf43dd4ddaab0332e74abc86bbcef9cf27ee54a Mon Sep 17 00:00:00 2001
From: TJ Saunders <tj@castaglia.org>
Date: Sat, 25 Jul 2020 11:10:07 -0700
Subject: [PATCH] Issue #1063: Avoid segfaults for TLSv1.3 data transfers in
our session tickey callback by checking the status before using SSL_SESSION
pointer.
---
contrib/mod_tls.c | 21 +++++++++++++++------
1 file changed, 15 insertions(+), 6 deletions(-)
diff --git a/contrib/mod_tls.c b/contrib/mod_tls.c
index c4e3a2f186..3cab789c9c 100644
--- a/contrib/mod_tls.c
+++ b/contrib/mod_tls.c
@@ -6833,14 +6833,23 @@ static SSL_TICKET_RETURN tls_decrypt_session_ticket_data_upload_cb(SSL *ssl,
SSL_SESSION *ssl_session, const unsigned char *key_name, size_t key_namelen,
SSL_TICKET_STATUS status, void *user_data) {
SSL_TICKET_RETURN res;
- int ssl_version, renew_tickets = TRUE;
+ int renew_tickets = TRUE;
- ssl_version = SSL_SESSION_get_protocol_version(ssl_session);
+ /* Avoid using the given SSL_SESSION pointer unless the status indicates that
+ * that pointer is valid (Issue #1063).
+ */
+
+ if (status != SSL_TICKET_EMPTY &&
+ status != SSL_TICKET_NO_DECRYPT) {
+ int ssl_version;
+
+ ssl_version = SSL_SESSION_get_protocol_version(ssl_session);
# if defined(TLS1_3_VERSION)
- if (ssl_version == TLS1_3_VERSION) {
- pr_trace_msg(trace_channel, 29,
- "suppressing renewal of TLSv1.3 tickets for data transfers");
- renew_tickets = FALSE;
+ if (ssl_version == TLS1_3_VERSION) {
+ pr_trace_msg(trace_channel, 29,
+ "suppressing renewal of TLSv1.3 tickets for data transfers");
+ renew_tickets = FALSE;
+ }
}
# endif /* TLS1_3_VERSION */