I was reading through the code, and saw that the callback dhparam_cb is set up via SSL_CTX_set_tmp_dh_callback, but not torn down.
This means if the reference to the ssl context is collected while a DH negotiation is pending, there will be an illegal de-reference (segfault if we're lucky) in dhparam_cb. I don't think this can currently be reached within the confines of luasec, but if a SSL_CTX* or SSL* ever escaped then there would be a problem.
For safety, meth_destroy should unset the dh callback.
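The lifetime hazard described in the issue, as a self-contained C model added here (not luasec or OpenSSL code). `ctx_t`, `owner_t` and every function name are hypothetical stand-ins, and the stale dereference is represented by a flag check rather than a real invalid read.

```c
#include <stdio.h>

/* Model types, not OpenSSL's or luasec's. */
typedef struct owner { int alive; int dh_bits; } owner_t; /* Lua-side state */
typedef int (*dh_cb_t)(owner_t *o);
typedef struct ctx {
    int refs;        /* contexts are reference counted, so one can outlive its wrapper */
    dh_cb_t dh_cb;   /* installed at setup, as with SSL_CTX_set_tmp_dh_callback */
    owner_t *owner;  /* what the callback dereferences */
} ctx_t;

enum { DH_OK = 0, DH_NONE = 1, DH_STALE_DEREF = 2 };
/* Real code would read owner memory unconditionally; the flag stands in for that. */
static int dhparam_cb_model(owner_t *o) {
    return o->alive ? o->dh_bits : -1;
}

/* Destroy as the issue describes it: the callback stays installed. */
static void destroy_without_teardown(ctx_t *c) {
    c->owner->alive = 0;  /* wrapper state is collected */
    c->refs--;
}

/* Destroy with the proposed fix: unset the callback before releasing. */
static void destroy_with_teardown(ctx_t *c) {
    c->dh_cb = NULL;
    c->owner->alive = 0;
    c->owner = NULL;
    c->refs--;
}

/* A negotiation that is still pending on the surviving context. */
static int negotiate_dh(const ctx_t *c) {
    if (c->refs <= 0 || c->dh_cb == NULL) return DH_NONE;
    return c->dh_cb(c->owner) < 0 ? DH_STALE_DEREF : DH_OK;
}

/* refs starts at 2: the wrapper plus one escaped reference. */
int scenario(int teardown) {
    owner_t o = { 1, 2048 };
    ctx_t c = { 2, dhparam_cb_model, &o };
    if (teardown) destroy_with_teardown(&c); else destroy_without_teardown(&c);
    return negotiate_dh(&c);
}

int main(void) {
    printf("without teardown: %d, with teardown: %d\n", scenario(0), scenario(1));
    return 0;
}
```

In the model, the context that keeps its callback reports `DH_STALE_DEREF`, while the one whose destroy path cleared the callback falls through to `DH_NONE` without touching the collected state.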