projects / oweals / openssl.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: e3899ab)
Fix double frees.
authorBen Laurie <ben@links.org>
Tue, 22 Apr 2014 12:11:56 +0000 (13:11 +0100)
committerBen Laurie <ben@links.org>
Tue, 22 Apr 2014 16:02:37 +0000 (17:02 +0100)
CHANGES patch | blob | history
crypto/pkcs7/pk7_doit.c patch | blob | history
crypto/ts/ts_rsp_verify.c patch | blob | history
ssl/d1_srvr.c patch | blob | history

diff --git a/CHANGES b/CHANGES
index b790cee98bf24ec2e3b39bb829a3cbdeb60b6056..def57902be22d7576e5c0cda462d4606b1207149 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -4,7 +4,8 @@
 
  Changes between 1.0.1g and 1.0.1h [xx XXX xxxx]
 
-  *)
+  *) Fix some double frees. These are not thought to be exploitable.
+     [mancha <mancha1@zoho.com>]
 
  Changes between 1.0.1f and 1.0.1g [7 Apr 2014]
 
diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c
index 77fda3b82a07692ee85158d4f7cfc88b44bd5d10..4c12a9dcc9dfb467b037f5baddd4667732ee7d7c 100644 (file)
--- a/crypto/pkcs7/pk7_doit.c
+++ b/crypto/pkcs7/pk7_doit.c
@@ -928,6 +928,7 @@ int PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si)
        if (EVP_DigestSignUpdate(&mctx,abuf,alen) <= 0)
                goto err;
        OPENSSL_free(abuf);
+       abuf = NULL;
        if (EVP_DigestSignFinal(&mctx, NULL, &siglen) <= 0)
                goto err;
        abuf = OPENSSL_malloc(siglen);
diff --git a/crypto/ts/ts_rsp_verify.c b/crypto/ts/ts_rsp_verify.c
index afe16afbe454f7d1e38c7c651b81a30b60649479..b7d170afac0a410ab6edd46a63a385fa97b81384 100644 (file)
--- a/crypto/ts/ts_rsp_verify.c
+++ b/crypto/ts/ts_rsp_verify.c
@@ -629,6 +629,7 @@ static int TS_compute_imprint(BIO *data, TS_TST_INFO *tst_info,
        X509_ALGOR_free(*md_alg);
        OPENSSL_free(*imprint);
        *imprint_len = 0;
+       *imprint = NULL;
        return 0;
        }
 
diff --git a/ssl/d1_srvr.c b/ssl/d1_srvr.c
index 9975e20873c4b4503de204080dc4e1f892ba9fa7..1384ab0cbf171cb89a8ef0d3e5432b06814367ee 100644 (file)
--- a/ssl/d1_srvr.c
+++ b/ssl/d1_srvr.c
@@ -1356,6 +1356,7 @@ int dtls1_send_server_key_exchange(SSL *s)
                            (unsigned char *)encodedPoint, 
                            encodedlen);
                        OPENSSL_free(encodedPoint);
+                       encodedPoint = NULL;
                        p += encodedlen;
                        }
 #endif
Unnamed repository; edit this file 'description' to name the repository.