Prevent NULL dereference in async clear-fd code

If the list of fds contains only (one or more) entries marked as deleted prior to the entry currently being deleted, and the entry currently being deleted was only just added, the 'prev' pointer would never be updated from its initial NULL value, and we would dereference NULL while trying to remove the entry from the linked list. Reported by Coverity. Reviewed-by: Kurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/4602)
author: Benjamin Kaduk <bkaduk@akamai.com> 2017-10-27 09:54:14 -0500
committer: Ben Kaduk <kaduk@mit.edu> 2017-10-30 10:38:01 -0500
commit: f403feea11d1ea26fd5b7d9732361cfc3f9f91a9 (patch)
tree: d1529b103cd0fb5478e4a973b014f0c5c49ba3c4 /crypto/async
parent: 85155346b3ca2dcdecf018dc8db9df94ceebeb0d (diff)
download: openssl-f403feea11d1ea26fd5b7d9732361cfc3f9f91a9.zip
openssl-f403feea11d1ea26fd5b7d9732361cfc3f9f91a9.tar.gz
openssl-f403feea11d1ea26fd5b7d9732361cfc3f9f91a9.tar.bz2
1 files changed, 1 insertions, 0 deletions
diff --git a/crypto/async/async_wait.c b/crypto/async/async_wait.c
index e115985..a88c2db 100644
--- a/crypto/async/async_wait.c
+++ b/crypto/async/async_wait.c
@@ -145,6 +145,7 @@ int ASYNC_WAIT_CTX_clear_fd(ASYNC_WAIT_CTX *ctx, const void *key)
     while (curr != NULL) {
         if (curr->del == 1) {
             /* This one has been marked deleted already so do nothing */
+            prev = curr;
             curr = curr->next;
             continue;
         }
author	Benjamin Kaduk <bkaduk@akamai.com>	2017-10-27 09:54:14 -0500
committer	Ben Kaduk <kaduk@mit.edu>	2017-10-30 10:38:01 -0500
commit	f403feea11d1ea26fd5b7d9732361cfc3f9f91a9 (patch)
tree	d1529b103cd0fb5478e4a973b014f0c5c49ba3c4 /crypto/async
parent	85155346b3ca2dcdecf018dc8db9df94ceebeb0d (diff)
download	openssl-f403feea11d1ea26fd5b7d9732361cfc3f9f91a9.zip openssl-f403feea11d1ea26fd5b7d9732361cfc3f9f91a9.tar.gz openssl-f403feea11d1ea26fd5b7d9732361cfc3f9f91a9.tar.bz2