Double free in i2o_ECPublicKey

author David Ramos <daramos@stanford.edu>

Sat, 3 May 2014 10:00:27 +0000 (12:00 +0200)

committer Matt Caswell <matt@openssl.org>

Sat, 3 May 2014 23:56:13 +0000 (00:56 +0100)
author David Ramos <daramos@stanford.edu>
Sat, 3 May 2014 10:00:27 +0000 (12:00 +0200)
committer Matt Caswell <matt@openssl.org>
Sat, 3 May 2014 23:56:13 +0000 (00:56 +0100)
diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c

index ae555398594b8e6c02bd554015853000efeff744..0fb5c1407625f86c1754f496ba2e4f7abcdf97fc 100644 (file)
--- a/crypto/ec/ec_asn1.c
+++ b/crypto/ec/ec_asn1.c
@@ -1419,8 +1419,11 @@ int i2o_ECPublicKey(EC_KEY *a, unsigned char **out)
                                 *out, buf_len, NULL))
                 {
                 ECerr(EC_F_I2O_ECPUBLICKEY, ERR_R_EC_LIB);
-               OPENSSL_free(*out);
-               *out = NULL;
+               if (new_buffer)
+                       {
+                       OPENSSL_free(*out);
+                       *out = NULL;
+                       }
                 return 0;
                 }
         if (!new_buffer)
author	David Ramos <daramos@stanford.edu>
	Sat, 3 May 2014 10:00:27 +0000 (12:00 +0200)
committer	Matt Caswell <matt@openssl.org>
	Sat, 3 May 2014 23:56:13 +0000 (00:56 +0100)