Commit f403feea authored by Benjamin Kaduk's avatar Benjamin Kaduk Committed by Ben Kaduk
Browse files

Prevent NULL dereference in async clear-fd code 



If the list of fds contains only (one or more) entries marked
as deleted prior to the entry currently being deleted, and the
entry currently being deleted was only just added, the 'prev'
pointer would never be updated from its initial NULL value, and
we would dereference NULL while trying to remove the entry from
the linked list.

Reported by Coverity.

Reviewed-by: default avatarKurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/4602)
parent 85155346

crypto/async/async_wait.c

+1 −0
Original line number Diff line number Diff line
@@ -145,6 +145,7 @@ int ASYNC_WAIT_CTX_clear_fd(ASYNC_WAIT_CTX *ctx, const void *key) 
    while (curr != NULL) {

        if (curr->del == 1) {

            /* This one has been marked deleted already so do nothing */

            prev = curr;

            curr = curr->next;

            continue;

        }