I am using the OpenSSL library 1.0.2k in my application. In some random situations, a double free error condition is occurring. The basic code flow is:
    BIO* sbio = NULL;
    if (!(con = (SSL *) SSL_new(ctx))) {
        sprintf(ReturnBuf, "sweb: Cannot create new SSL connection");
        close(sockfd);
        SSL_CTX_free(ctx);
        return -1;
    }
    if (!(sbio = BIO_new_socket(sockfd, BIO_NOCLOSE))) {
        sprintf(ReturnBuf, "sweb: Cannot create new socket BIO");
        close(sockfd);
        SSL_shutdown(con);
        SSL_free(con);
        SSL_CTX_free(ctx);
        if (sbio)           /* sbio is still NULL here, so this is a no-op */
            BIO_free(sbio);
        return -1;
    }
    SSL_set_bio(con, sbio, sbio);   /* ownership of sbio passes to con */
In case of any ssl error, following snippet gets executed:
    close(sockfd);
    SSL_shutdown(con);
    SSL_free(con);          /* frees the BIO attached by SSL_set_bio */
    SSL_CTX_free(ctx);
    if (sbio)               /* sbio is a dangling, non-NULL pointer here */
        BIO_free(sbio);     /* second free of the same BIO */
Based on my recent understanding, the BIO free operation is not required after SSL_free. So I made the changes and re-executed the code. But still the same error is getting generated. Please suggest any possible root cause.
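The ownership rule behind the question, shown as an added example that is not OpenSSL code and not the poster's program: after SSL_set_bio() the SSL object owns the BIO and SSL_free() releases it, so a guarded BIO_free() afterwards is a second free of a pointer that is still non-NULL. The struct and function names below (bio_t, conn_t, conn_set_bio, conn_free) are invented stand-ins for BIO, SSL, SSL_set_bio and SSL_free; the model records every release in a small ledger so the second release is counted instead of corrupting the heap, which is, in miniature, what Valgrind and AddressSanitizer do for a real binary.

```c
#include <stdio.h>
#include <stdlib.h>

/* Ownership model written for this answer; not OpenSSL code.  It mirrors the
 * rule that SSL_set_bio() hands the BIO to the SSL object and SSL_free()
 * releases it, and it logs every release so a second release of the same BIO
 * (the double free from the question) is detected rather than executed.
 * Names are invented stand-ins for the real API. */

#define MAX_RELEASED 16

typedef struct { int fd; } bio_t;              /* stand-in for BIO */
typedef struct { bio_t *rbio, *wbio; } conn_t; /* stand-in for SSL */

static bio_t *released[MAX_RELEASED];   /* ledger of already-freed BIO pointers */
static int n_released = 0;
static int double_frees = 0;            /* incremented when a pointer is released twice */

static void ledger_reset(void) { n_released = 0; double_frees = 0; }

static bio_t *bio_new_socket(int fd) {
    bio_t *b = malloc(sizeof *b);
    if (b) b->fd = fd;
    return b;
}

/* Release a BIO.  A pointer already in the ledger is a double free: count it
 * and do not touch the memory again (a real free() here would corrupt the heap). */
static void bio_free(bio_t *b) {
    if (!b) return;
    for (int i = 0; i < n_released; i++)
        if (released[i] == b) { double_frees++; return; }
    if (n_released < MAX_RELEASED) released[n_released++] = b;
    free(b);
}

static conn_t *conn_new(void) { return calloc(1, sizeof(conn_t)); }

/* Like SSL_set_bio(): ownership of rbio and wbio moves to the connection. */
static void conn_set_bio(conn_t *c, bio_t *rbio, bio_t *wbio) {
    c->rbio = rbio;
    c->wbio = wbio;
}

/* Like SSL_free(): releases the BIOs it owns.  One BIO used for both
 * directions is released exactly once, as OpenSSL does. */
static void conn_free(conn_t *c) {
    if (!c) return;
    if (c->wbio != c->rbio) bio_free(c->wbio);
    bio_free(c->rbio);
    free(c);
}

/* Teardown in the order the question posts it: BIO_free() after SSL_free()
 * on an attached BIO.  Returns the number of double frees detected. */
int teardown_as_posted(void) {
    ledger_reset();
    conn_t *con = conn_new();
    bio_t *sbio = bio_new_socket(3);   /* constructed fd value */
    conn_set_bio(con, sbio, sbio);
    conn_free(con);                    /* sbio is released here ... */
    if (sbio) bio_free(sbio);          /* ... and again: sbio is still non-NULL */
    return double_frees;               /* 1 */
}

/* Corrected teardown: once attached, the BIO belongs to the connection.  The
 * local pointer is cleared at the attach point, so the guarded BIO_free() in a
 * shared error path becomes a no-op.  Returns the number of double frees detected. */
int teardown_fixed(void) {
    ledger_reset();
    conn_t *con = conn_new();
    bio_t *sbio = bio_new_socket(3);   /* constructed fd value */
    conn_set_bio(con, sbio, sbio);
    sbio = NULL;                       /* ownership transferred: drop our handle */
    conn_free(con);
    if (sbio) bio_free(sbio);          /* never runs */
    return double_frees;               /* 0 */
}

int main(void) {
    printf("as posted: %d double free(s)\n", teardown_as_posted());
    printf("fixed:     %d double free(s)\n", teardown_fixed());
    return 0;
}
```

The point the model makes is that the `if (sbio)` guard cannot protect the error path: SSL_free() does not know about the caller's local variable, so the pointer stays non-NULL and dangling. Clearing the local at the moment ownership is handed over (or simply never freeing a BIO that has been attached) is what removes the second free; in a real program the remaining instances are found by running the binary under Valgrind or AddressSanitizer, which maintain this kind of ledger for every allocation.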
For anybody to help you, you need an MCVE.
Run your program under Valgrind or Address Sanitizer, and the source of double-free should become immediately obvious.