git.librecmc.org Git - oweals/openssl.git/commit

author	David Benjamin <davidben@google.com>
	Mon, 14 Mar 2016 19:03:07 +0000 (15:03 -0400)
committer	Dr. Stephen Henson <steve@openssl.org>
	Thu, 7 Apr 2016 18:27:45 +0000 (19:27 +0100)
commit	7a433893adbe7eab3c41581175493d9e5326ba3f
tree	73c6a47e59f4e212dc60f9d612d02b012bb43513	tree \| snapshot
parent	f4bed7c7b6fe8459dbc14e28f91c6150013b9c5e	commit \| diff

Fix memory leak on invalid CertificateRequest.

Free up parsed X509_NAME structure if the CertificateRequest message
contains excess data.

The security impact is considered insignificant. This is a client side
only leak and a large number of connections to malicious servers would
be needed to have a significant impact.

This was found by libFuzzer.

Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>
(cherry picked from commit ec66c8c98881186abbb4a7ddd6617970f1ee27a7)