Use-After-Free in OpenSSL Keylog Callback via SSL_get_ex_data() in libcurl
High
C
curl
Reported by brobagazzzx
Vulnerability Details
Technical details and impact analysis
Summary:
A Use-After-Free (UAF) vulnerability is reported in libcurl when an OpenSSL keylog callback has been installed with SSL_CTX_set_keylog_callback(). The premise is that the callback can be invoked after the associated SSL object has been released with SSL_free(), so that SSL_get_ex_data() inside the callback dereferences a dangling pointer, with a crash or information leak as the consequence.
The condition arises whenever a custom keylog callback reads ex_data from an SSL object that is no longer valid; it could be reached deliberately or by accident.
Security impact: with a keylog callback configured, the result is a segmentation fault (denial of service). If heap grooming or control over the ex_data contents were also possible, this might extend to code execution.
Affected version
Tested on:
curl 8.8.0 (OpenSSL 3.3.0)
Release-Date: 2024-06-26
Protocols: dict file ftp ftps gopher gophers http https imap imaps mqtt pop3 pop3s rtsp scp sftp smb smbs smtp smtps telnet tftp
Features: alt-svc AsynchDNS HSTS HTTP2 HTTPS-proxy IPv6 Largefile libz NTLM NTLM_WB SSL threadsafe TLS-SRP UnixSockets
Platform: Termux (Android 11, aarch64)
OpenSSL: 3.3.0 built from source
---
Steps To Reproduce:
1. Build the following minimal C program (tested with gcc -o segv segv.c -lssl -lcrypto). Note that it links only OpenSSL; libcurl is neither linked nor called:

    #include <openssl/ssl.h>
    #include <openssl/err.h>
    #include <stdio.h>
    #include <stdlib.h>
    #include <string.h>   /* strdup() */

    void my_keylog_cb(const SSL *ssl, const char *line) {
        printf("Keylog callback: %s\n", line);
        /* UAF: by the time main() calls this directly, ssl has already been freed.
         * Note that this reads ex_data slot 0, not the index allocated in main(). */
        void *ptr = SSL_get_ex_data((SSL *)ssl, 0); /* cast to remove const */
        printf("blocked: %p\n", ptr);
    }

    int main() {
        SSL_library_init();
        SSL_load_error_strings();
        SSL_CTX *ctx = SSL_CTX_new(TLS_client_method());
        SSL_CTX_set_keylog_callback(ctx, my_keylog_cb);
        SSL *ssl = SSL_new(ctx);
        int idx = SSL_get_ex_new_index(0, "mydata", NULL, NULL, NULL);
        char *data = strdup("hello");
        SSL_set_ex_data(ssl, idx, data);
        SSL_free(ssl); /* free the SSL object */
        /* Trigger the callback after the free: the program itself calls it
         * with the stale pointer; OpenSSL does not make this call. */
        my_keylog_cb(ssl, "CLIENT_RANDOM deadbeef...");
        SSL_CTX_free(ctx);
        free(data);
        return 0;
    }
2. Run the binary:
$ ./segv
Keylog callback: CLIENT_RANDOM deadbeef...
blocked: 0x0
Segmentation fault
Was an AI involved?
No, the bug was discovered through manual auditing and testing.
However, AI (ChatGPT) was used only to assist in writing documentation and estimating CVSS/weakness classification (e.g., CWE-416).
## Impact
With a keylog callback configured, the result is a segmentation fault (denial of service). If heap grooming or control over the ex_data contents were also possible, this might extend to code execution. The supplied PoC reaches the faulting state only because the program itself calls my_keylog_cb() on an SSL object it has already passed to SSL_free(); no libcurl code is exercised.
Report Details
Additional information and metadata
State: Closed
Substate: Not-Applicable
Weakness: Use After Free