diff options
Diffstat (limited to 'src')
| -rw-r--r-- | src/regress/lib/libcrypto/bio/biotest.c | 24 |
1 files changed, 13 insertions, 11 deletions
diff --git a/src/regress/lib/libcrypto/bio/biotest.c b/src/regress/lib/libcrypto/bio/biotest.c index 7d56448bfa..a624315c61 100644 --- a/src/regress/lib/libcrypto/bio/biotest.c +++ b/src/regress/lib/libcrypto/bio/biotest.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: biotest.c,v 1.11 2022/12/08 11:32:27 tb Exp $ */ | 1 | /* $OpenBSD: biotest.c,v 1.12 2022/12/08 12:27:03 tb Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2014, 2022 Joel Sing <jsing@openbsd.org> | 3 | * Copyright (c) 2014, 2022 Joel Sing <jsing@openbsd.org> |
| 4 | * Copyright (c) 2022 Theo Buehler <tb@openbsd.org> | 4 | * Copyright (c) 2022 Theo Buehler <tb@openbsd.org> |
| @@ -599,41 +599,43 @@ do_bio_chain_pop_test(void) | |||
| 599 | } | 599 | } |
| 600 | 600 | ||
| 601 | /* | 601 | /* |
| 602 | * Link two linear chains of BIOs, A[], B[] of length N_CHAIN_BIOS together | 602 | * Link two linear chains of BIOs, A[] and B[], of length N_CHAIN_BIOS together |
| 603 | * using either BIO_push(A[i], B[j]) or BIO_set_next(A[i], B[j]). | 603 | * using either BIO_push(A[i], B[j]) or BIO_set_next(A[i], B[j]). |
| 604 | * | 604 | * |
| 605 | * BIO_push() first walks the chain A[] to its end and then appends the tail | 605 | * BIO_push() first walks the chain A[] to its end and then appends the tail |
| 606 | * of chain B[] starting at B[j]. If j > 0, we get two chains | 606 | * of chain B[] starting at B[j]. If j > 0, we get two chains |
| 607 | * | 607 | * |
| 608 | * A[0] -- ... -- A[N_CHAIN_BIOS - 1] -- B[j] -- ... -- B[N_CHAIN_BIOS - 1] | 608 | * A[0] -- ... -- A[N_CHAIN_BIOS - 1] -- B[j] -- ... -- B[N_CHAIN_BIOS - 1] |
| 609 | * | 609 | * `- link created by BIO_push() |
| 610 | * B[0] -- ... -- B[j-1] | 610 | * B[0] -- ... -- B[j-1] |
| 611 | * --- oldhead -->| | 611 | * |<-- oldhead -->| |
| 612 | * | 612 | * |
| 613 | * of lengths N_CHAIN_BIOS + N_CHAIN_BIOS - j and j, respectively. | 613 | * of lengths N_CHAIN_BIOS + N_CHAIN_BIOS - j and j, respectively. |
| 614 | * If j == 0, the second chain (oldhead) is empty. One quirk of BIO_push() is | 614 | * If j == 0, the second chain (oldhead) is empty. One quirk of BIO_push() is |
| 615 | * that the outcome of BIO_push(A[i], B[j]) apart from the return value is | 615 | * that the outcome of BIO_push(A[i], B[j]) apart from the return value is |
| 616 | * independent of i. | 616 | * independent of i. |
| 617 | * | 617 | * |
| 618 | * Prior to bio_lib.c r1.41, BIO_push() would keep * BIO_next(B[j-1]) == B[j] | 618 | * Prior to bio_lib.c r1.41, BIO_push(A[i], B[j]) would fail to dissociate the |
| 619 | * for 0 < j < N_CHAIN_BIOS, and at the same time for all j the inconsistent | 619 | * two chains and leave B[j] with two parents for 0 < j < N_CHAIN_BIOS. |
| 620 | * BIO_prev(B[j]) == A[N_CHAIN_BIOS - 1]. | 620 | * B[j]->prev_bio would point at A[N_CHAIN_BIOS - 1], while both B[j - 1] and |
| 621 | * A[N_CHAIN_BIOS - 1] would point at B[j]. In particular, BIO_free_all(A[0]) | ||
| 622 | * followed by BIO_free_all(B[0]) results in a double free of B[j]. | ||
| 621 | * | 623 | * |
| 622 | * The result for BIO_set_next() is different: three chains are created. | 624 | * The result for BIO_set_next() is different: three chains are created. |
| 623 | * | 625 | * |
| 624 | * |--- oldtail --> | 626 | * |--- oldtail --> |
| 625 | * ... -- A[i-1] -- A[i] -- A[i+1] -- ... | 627 | * ... -- A[i-1] -- A[i] -- A[i+1] -- ... |
| 626 | * \ | 628 | * \ |
| 627 | * \ new link created by BIO_set_next() | 629 | * \ link created by BIO_set_next() |
| 628 | * --- oldhead -->| \ | 630 | * --- oldhead -->| \ |
| 629 | * ... -- B[j-1] -- B[j] -- B[j+1] -- ... | 631 | * ... -- B[j-1] -- B[j] -- B[j+1] -- ... |
| 630 | * | 632 | * |
| 631 | * After creating a new link, the new chain has length i + 1 + N_CHAIN_BIOS - j, | 633 | * After creating a new link, the new chain has length i + 1 + N_CHAIN_BIOS - j, |
| 632 | * oldtail has length N_CHAIN_BIOS - i - 1 and oldhead has length j. | 634 | * oldtail has length N_CHAIN_BIOS - i - 1 and oldhead has length j. |
| 633 | * | 635 | * |
| 634 | * Prior to bio_lib.c r1.40, BIO_set_next() results in BIO_next(B[j-1]) == B[j], | 636 | * Prior to bio_lib.c r1.40, BIO_set_next(A[i], B[j]) results in both A[i] and |
| 635 | * B[j-1] == BIO_prev(B[j]), A[i] == BIO_prev(A[i+1]) and, in addition, | 637 | * B[j - 1] pointing at B[j] while B[j] points back at A[i]. The result is |
| 636 | * BIO_next(A[i]) == B[j], thus leaving A[] and B[] in an inconsistent state. | 638 | * again double frees. |
| 637 | * | 639 | * |
| 638 | * XXX: Should check that the callback is called on BIO_push() as expected. | 640 | * XXX: Should check that the callback is called on BIO_push() as expected. |
| 639 | */ | 641 | */ |