projects / oweals / openssl.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: b1d7eaa)
Fix a double free in tls1_setup_key_block
authorMatt Caswell <matt@openssl.org>
Thu, 5 May 2016 08:35:10 +0000 (09:35 +0100)
committerMatt Caswell <matt@openssl.org>
Thu, 19 May 2016 19:55:55 +0000 (20:55 +0100)
If p2 == NULL then p1 can get freed twice and a crash could occur.

Issue reported by Shi Lei (Qihoo 360 Inc)

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
ssl/t1_enc.c patch | blob | history

diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
index 514fcb3e4e74c4ae3a8c84b9db7eb06c8d116c71..b6d1ee95a5212b3f11f433c5a02a541b5c2074db 100644 (file)
--- a/ssl/t1_enc.c
+++ b/ssl/t1_enc.c
@@ -673,7 +673,6 @@ int tls1_setup_key_block(SSL *s)
 
     if ((p2 = (unsigned char *)OPENSSL_malloc(num)) == NULL) {
         SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK, ERR_R_MALLOC_FAILURE);
-        OPENSSL_free(p1);
         goto err;
     }
 #ifdef TLS_DEBUG
Unnamed repository; edit this file 'description' to name the repository.