Better handling of verify param id peername field
authorViktor Dukhovni <openssl-users@dukhovni.org>
Wed, 2 Sep 2015 01:47:12 +0000 (21:47 -0400)
committerViktor Dukhovni <openssl-users@dukhovni.org>
Wed, 2 Sep 2015 13:53:29 +0000 (09:53 -0400)
commita0724ef1c9b9e2090bdd96b784f492b6a3952957
tree47a6257b8bef700faaabd56c3ee828452bd041df
parent246b52f39aac36d1f4bc705c27c6354cb67041f4
Better handling of verify param id peername field

Initialize pointers in param id by the book (explicit NULL assignment,
rather than just memset 0).

In x509_verify_param_zero() set peername to NULL after freeing it.

In x509_vfy.c's internal check_hosts(), avoid potential leak of
possibly already non-NULL peername.  This is only set when a check
succeeds, so don't need to do this repeatedly in the loop.

Reviewed-by: Richard Levitte <levitte@openssl.org>
crypto/x509/x509_vfy.c
crypto/x509/x509_vpm.c