From f81111c6f6b1d1865ffb05dfa7df4f64966629e8 Mon Sep 17 00:00:00 2001
From: hugel <2712504175@qq.com>
Date: Fri, 11 Oct 2024 15:21:46 +0800
Subject: [PATCH] fix openssl asan error

---
 ...input-buf-arrays-must-live-until-the.patch | 45 +++++++++++++++++++
 openssl.spec                                  |  6 ++-
 2 files changed, 50 insertions(+), 1 deletion(-)
 create mode 100644 backport-Pipeline-output-input-buf-arrays-must-live-until-the.patch

diff --git a/backport-Pipeline-output-input-buf-arrays-must-live-until-the.patch b/backport-Pipeline-output-input-buf-arrays-must-live-until-the.patch
new file mode 100644
index 0000000..66e2409
--- /dev/null
+++ b/backport-Pipeline-output-input-buf-arrays-must-live-until-the.patch
@@ -0,0 +1,45 @@
+From df9c7ceefef59cc870c80346906471fabec62494 Mon Sep 17 00:00:00 2001
+From: Matt Caswell <matt@openssl.org>
+Date: Fri, 21 Oct 2022 14:08:29 +0100
+Subject: [PATCH] Pipeline output/input buf arrays must live until the
+ EVP_Cipher is called
+
+Conflict:adapt context
+Reference:https://github.com/openssl/openssl/commit/df9c7ceefef59cc870c80346906471fabec62494
+
+The pipeline input/output buf arrays must remain accessible to the
+EVP_CIPHER_CTX until EVP_Cipher is subsequently called. This fixes an
+asan error discovered by the newly added pipeline test.
+
+Reviewed-by: Tomas Mraz <tomas@openssl.org>
+Reviewed-by: Hugo Landau <hlandau@openssl.org>
+Reviewed-by: Paul Dale <pauli@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/20208)
+---
+ ssl/record/ssl3_record.c | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/ssl/record/ssl3_record.c b/ssl/record/ssl3_record.c
+index 368aaea5e9..4256f29663 100644
+--- a/ssl/record/ssl3_record.c
++++ b/ssl/record/ssl3_record.c
+@@ -964,6 +964,7 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending,
+     EVP_CIPHER_CTX *ds;
+     size_t reclen[SSL_MAX_PIPELINES];
+     unsigned char buf[SSL_MAX_PIPELINES][EVP_AEAD_TLS1_AAD_LEN];
++    unsigned char *data[SSL_MAX_PIPELINES];
+     int i, pad = 0, ret, tmpr;
+     size_t bs, mac_size = 0, ctr, padnum, loop;
+     unsigned char padval;
+@@ -1123,8 +1124,6 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending,
+             }
+         }
+         if (n_recs > 1) {
+-            unsigned char *data[SSL_MAX_PIPELINES];
+-
+             /* Set the output buffers */
+             for (ctr = 0; ctr < n_recs; ctr++) {
+                 data[ctr] = recs[ctr].data;
+-- 
+2.33.0
+
diff --git a/openssl.spec b/openssl.spec
index ec6a223..fae145b 100644
--- a/openssl.spec
+++ b/openssl.spec
@@ -2,7 +2,7 @@
 Name:        openssl
 Epoch:       1
 Version:     1.1.1m
-Release:     37
+Release:     38
 Summary:     Cryptography and SSL/TLS Toolkit
 License:     OpenSSL and SSLeay
 URL:         https://www.openssl.org/
@@ -154,6 +154,7 @@ Patch143:    backport-CVE-2024-4741-Set-rlayer.packet-to-NULL-after-we-ve-.patch
 Patch144:    backport-CVE-2024-4741-test-Fix-possible-use-after-free.patch
 Patch145:    backport-CVE-2024-5535-Fix-SSL_select_next_proto-and-add-ALPN.patch
 Patch146:    backport-CVE-2024-5535-Add-a-test-for-ALPN-and-NPN.patch
+Patch147:    backport-Pipeline-output-input-buf-arrays-must-live-until-the.patch
 
 Patch1000:   1000-add-sw_64-support-not-upstream-modified-files.patch
 Patch1001:   1001-add-loongarch64-support-not-upstream-modified-files.patch
@@ -367,6 +368,9 @@ make test || :
 %ldconfig_scriptlets libs
 
 %changelog
+* Fri Oct 11 2024 hugel <gengqihu2@h-partners.com> - 1:1.1.1m-38
+- fix openssl asan error
+
 * Tue Jul 2 2024 gengqihu <gengqihu2@h-partners.com> - 1:1.1.1m-37
 - fix CVE-2024-5535
 
-- 
Gitee