projects / oweals / openssl.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 9330a85)
Fix double frees.
authorBen Laurie <ben@links.org>
Tue, 22 Apr 2014 11:38:26 +0000 (12:38 +0100)
committerBen Laurie <ben@links.org>
Tue, 22 Apr 2014 15:58:43 +0000 (16:58 +0100)
CHANGES patch | blob | history
crypto/pkcs7/pk7_doit.c patch | blob | history
crypto/ts/ts_rsp_verify.c patch | blob | history

diff --git a/CHANGES b/CHANGES
index 87333bfcc9a6c59ec63d25f1d2f50ff0d2dcfc55..bb03d196d0a3c77069976b4b94ab82b8bb76bc72 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,9 @@
 
  Changes between 1.0.2 and 1.1.0  [xx XXX xxxx]
 
+  *) Fix some double frees. These are not thought to be exploitable.
+     [mancha <mancha1@zoho.com>]
+
   *) A missing bounds check in the handling of the TLS heartbeat extension
      can be used to reveal up to 64k of memory to a connected client or
      server.
diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c
index 82e145b856d92c2ba966176c9bd737abe7520fa3..a0559b124ee1e644b757c785107533286d600cce 100644 (file)
--- a/crypto/pkcs7/pk7_doit.c
+++ b/crypto/pkcs7/pk7_doit.c
@@ -928,6 +928,7 @@ int PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si)
        if (EVP_DigestSignUpdate(&mctx,abuf,alen) <= 0)
                goto err;
        OPENSSL_free(abuf);
+       abuf = NULL;
        if (EVP_DigestSignFinal(&mctx, NULL, &siglen) <= 0)
                goto err;
        abuf = OPENSSL_malloc(siglen);
diff --git a/crypto/ts/ts_rsp_verify.c b/crypto/ts/ts_rsp_verify.c
index afe16afbe454f7d1e38c7c651b81a30b60649479..3c7f816d12b1d06137f9ed4485d141c4e2a9bb58 100644 (file)
--- a/crypto/ts/ts_rsp_verify.c
+++ b/crypto/ts/ts_rsp_verify.c
@@ -629,6 +629,7 @@ static int TS_compute_imprint(BIO *data, TS_TST_INFO *tst_info,
        X509_ALGOR_free(*md_alg);
        OPENSSL_free(*imprint);
        *imprint_len = 0;
+       *imprint = 0;
        return 0;
        }
 
Unnamed repository; edit this file 'description' to name the repository.