diff options
| author | tb <> | 2023-04-14 06:47:07 +0000 |
|---|---|---|
| committer | tb <> | 2023-04-14 06:47:07 +0000 |
| commit | 7418dab6f81ac62a414e04b8f20fd6a8464a0526 (patch) | |
| tree | 53bea8f79845b10d786659d904ee1879651e89a9 | |
| parent | 3cb9a58bd29a6b9ec20a0973df479b81becf5c37 (diff) | |
| download | openbsd-7418dab6f81ac62a414e04b8f20fd6a8464a0526.tar.gz openbsd-7418dab6f81ac62a414e04b8f20fd6a8464a0526.tar.bz2 openbsd-7418dab6f81ac62a414e04b8f20fd6a8464a0526.zip | |
Fix double free in error path in openssl(1) x509
A conversion from X509_REQ_get_pubkey() to X509_REQ_get0_pubkey() missed
one free of pkey in an unlikely error path. After the conversion pkey is
no longer owned by us, so we mustn't free it.
ok jsing
| -rw-r--r-- | src/usr.bin/openssl/x509.c | 6 |
1 files changed, 2 insertions, 4 deletions
diff --git a/src/usr.bin/openssl/x509.c b/src/usr.bin/openssl/x509.c index e6d1ee915d..7c8f34f64c 100644 --- a/src/usr.bin/openssl/x509.c +++ b/src/usr.bin/openssl/x509.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: x509.c,v 1.32 2023/04/09 17:28:52 tb Exp $ */ | 1 | /* $OpenBSD: x509.c,v 1.33 2023/04/14 06:47:07 tb Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -888,10 +888,8 @@ x509_main(int argc, char **argv) | |||
| 888 | 888 | ||
| 889 | if ((pkey = X509_REQ_get0_pubkey(req)) == NULL) | 889 | if ((pkey = X509_REQ_get0_pubkey(req)) == NULL) |
| 890 | goto end; | 890 | goto end; |
| 891 | if (!X509_set_pubkey(x, pkey)) { | 891 | if (!X509_set_pubkey(x, pkey)) |
| 892 | EVP_PKEY_free(pkey); | ||
| 893 | goto end; | 892 | goto end; |
| 894 | } | ||
| 895 | } else { | 893 | } else { |
| 896 | x = load_cert(bio_err, cfg.infile, cfg.informat, NULL, | 894 | x = load_cert(bio_err, cfg.infile, cfg.informat, NULL, |
| 897 | "Certificate"); | 895 | "Certificate"); |