-1

I am using the OpenSSL library 1.0.2k in my application. In some random situations, a double free error condition is occurring. The basic code flow is:

    BIO* sbio = NULL;
    if (!(con = (SSL *) SSL_new(ctx))) {
        sprintf(ReturnBuf, "sweb: Cannot create new SSL connection");
        close(sockfd);
        SSL_CTX_free(ctx);
        return -1;
    }

    if (!(sbio = BIO_new_socket(sockfd, BIO_NOCLOSE))) {
        sprintf(ReturnBuf, "sweb: Cannot create new socket BIO");
        close(sockfd);
        SSL_shutdown(con);
        SSL_free(con);
        SSL_CTX_free(ctx);
        if (sbio)
            BIO_free(sbio);
        return -1;
    }
    SSL_set_bio(con, sbio, sbio);

In case of any SSL error, the following snippet gets executed:

    close(sockfd);
    SSL_shutdown(con);
    SSL_free(con);
    SSL_CTX_free(ctx);
    if (sbio)
        BIO_free(sbio);

Based on my recent understanding, the BIO free operation is not required after SSL_free. So I made the changes and re-executed the code. But still the same error is getting generated. Please suggest any possible root cause.

1 Answer

0

For anybody to help you, you need an MCVE.

Run your program under Valgrind or Address Sanitizer, and the source of double-free should become immediately obvious.

Employed Russian
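An added example, not part of the original question or answer: a self-contained C model of the ownership rule the question refers to, where `SSL_set_bio` hands the BIO to the connection and `SSL_free` releases it. The types and functions (`bio_m`, `ssl_m`, `conn_cleanup` and the rest) are hypothetical stand-ins, not OpenSSL code, and they count releases instead of calling `free()` so the double release is observable without undefined behaviour.

```c
#include <stddef.h>
#include <stdio.h>

/* Stand-in objects (hypothetical, NOT OpenSSL types). Each BIO counts how
 * many times it was released, so a double free shows up as a count of 2. */
typedef struct { int frees; } bio_m;
typedef struct { bio_m *rbio, *wbio; } ssl_m;

static void bio_m_free(bio_m *b) { if (b) b->frees++; }

/* Models SSL_set_bio(): the connection takes ownership of both BIOs. */
static void ssl_m_set_bio(ssl_m *s, bio_m *r, bio_m *w) { s->rbio = r; s->wbio = w; }

/* Models SSL_free(): releases the owned BIOs, only once when rbio == wbio. */
static void ssl_m_free(ssl_m *s) {
    if (!s) return;
    bio_m_free(s->rbio);
    if (s->wbio != s->rbio) bio_m_free(s->wbio);
    s->rbio = s->wbio = NULL;
}

/* Cleanup order from the question: the caller frees sbio after the connection. */
int cleanup_as_posted(void) {
    bio_m bio = {0}; ssl_m con = {0};
    bio_m *sbio = &bio;
    ssl_m_set_bio(&con, sbio, sbio);
    ssl_m_free(&con);
    if (sbio) bio_m_free(sbio);        /* second release of the same BIO */
    return bio.frees;
}

/* Ownership-aware cleanup: every handle is cleared once released or handed
 * over, so running the cleanup twice on an error path is harmless. */
struct conn { ssl_m *con; bio_m *sbio; };
static void conn_cleanup(struct conn *c) {
    ssl_m_free(c->con);  c->con = NULL;
    bio_m_free(c->sbio); c->sbio = NULL;  /* non-NULL only if never handed over */
}

int cleanup_with_ownership(int handed_over) {
    bio_m bio = {0}; ssl_m con = {0};
    struct conn c = { &con, &bio };
    if (handed_over) { ssl_m_set_bio(c.con, c.sbio, c.sbio); c.sbio = NULL; }
    conn_cleanup(&c);
    conn_cleanup(&c);                  /* repeated cleanup releases nothing more */
    return bio.frees;
}

int main(void) {
    printf("as posted: %d, owned: %d, not handed over: %d\n", cleanup_as_posted(),
           cleanup_with_ownership(1), cleanup_with_ownership(0));
    return 0;
}
```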