Double free in i2o_ECPublicKey
authorDavid Ramos <daramos@stanford.edu>
Sat, 3 May 2014 10:00:27 +0000 (12:00 +0200)
committerMatt Caswell <matt@openssl.org>
Sat, 3 May 2014 23:53:19 +0000 (00:53 +0100)
PR: 3338

crypto/ec/ec_asn1.c

index 145807b611a5aa9efa6b782b2c543d95b8fe3387..e94f34e11b7ca36e0f449a2181745088921fbb2c 100644 (file)
@@ -1435,8 +1435,11 @@ int i2o_ECPublicKey(EC_KEY *a, unsigned char **out)
                                *out, buf_len, NULL))
                {
                ECerr(EC_F_I2O_ECPUBLICKEY, ERR_R_EC_LIB);
-               OPENSSL_free(*out);
-               *out = NULL;
+               if (new_buffer)
+                       {
+                       OPENSSL_free(*out);
+                       *out = NULL;
+                       }
                return 0;
                }
        if (!new_buffer)