projects / oweals / openssl.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: abcf241)
do_body: fix heap-use-after-free.
authorPavel Kopyl <p.kopyl@samsung.com>
Fri, 3 Nov 2017 19:18:35 +0000 (22:18 +0300)
committerMatt Caswell <matt@openssl.org>
Wed, 21 Feb 2018 12:18:56 +0000 (12:18 +0000)
The memory pointed to by the 'push' is freed by the
X509_NAME_ENTRY_free() in do_body(). The second time
it is referenced to (indirectly) in certify_cert:X509_REQ_free().

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4698)

apps/ca.c patch | blob | history

diff --git a/apps/ca.c b/apps/ca.c
index 26c077858f6f723ebb1e9b0c5583bf820597aa5d..2819fead40e0ea2bafd98a80605349d531b96190 100644 (file)
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -1556,7 +1556,6 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
 
             if (push != NULL) {
                 if (!X509_NAME_add_entry(subject, push, -1, 0)) {
-                    X509_NAME_ENTRY_free(push);
                     BIO_printf(bio_err, "Memory allocation failure\n");
                     goto end;
                 }
Unnamed repository; edit this file 'description' to name the repository.