dsa_priv_decode(): only destroy the object we've created, and with the

appropriate function. Checking for privkey != NULL is not enough since privkey points to a member of ndsa if ndsa != NULL. dsa_priv_encode(): possible double free in error path.
author: miod <> 2014-07-13 12:45:01 +0000
committer: miod <> 2014-07-13 12:45:01 +0000
commit: ed37355a7f49beb3c1560dc4e8b68cbd94157da3 (patch)
tree: e75565a5de3d55f092bd588d8223eede12004775
parent: 51eac40810fca13318e009e19dc3c1049fda6783 (diff)
download: openbsd-ed37355a7f49beb3c1560dc4e8b68cbd94157da3.tar.gz
openbsd-ed37355a7f49beb3c1560dc4e8b68cbd94157da3.tar.bz2
openbsd-ed37355a7f49beb3c1560dc4e8b68cbd94157da3.zip
2 files changed, 10 insertions, 6 deletions
diff --git a/src/lib/libcrypto/dsa/dsa_ameth.c b/src/lib/libcrypto/dsa/dsa_ameth.c
index 7da4ac5695..20839b6207 100644
--- a/src/lib/libcrypto/dsa/dsa_ameth.c
+++ b/src/lib/libcrypto/dsa/dsa_ameth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dsa_ameth.c,v 1.13 2014/07/12 16:03:37 miod Exp $ */
+/* $OpenBSD: dsa_ameth.c,v 1.14 2014/07/13 12:45:01 miod Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2006.
 */
@@ -275,9 +275,10 @@ decerr:
        DSAerr(DSA_F_DSA_PRIV_DECODE, EVP_R_DECODE_ERROR);
 dsaerr:
        BN_CTX_free(ctx);
-        if (privkey)
+        if (ndsa)
+                sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
+        else
                ASN1_INTEGER_free(privkey);
-        sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
        DSA_free(dsa);
        return 0;
 }
@@ -313,6 +314,7 @@ dsa_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey)
        dplen = i2d_ASN1_INTEGER(prkey, &dp);
        ASN1_INTEGER_free(prkey);
+        prkey = NULL;
        if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_dsa), 0, V_ASN1_SEQUENCE,
            params, dp, dplen))
diff --git a/src/lib/libssl/src/crypto/dsa/dsa_ameth.c b/src/lib/libssl/src/crypto/dsa/dsa_ameth.c
index 7da4ac5695..20839b6207 100644
--- a/src/lib/libssl/src/crypto/dsa/dsa_ameth.c
+++ b/src/lib/libssl/src/crypto/dsa/dsa_ameth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dsa_ameth.c,v 1.13 2014/07/12 16:03:37 miod Exp $ */
+/* $OpenBSD: dsa_ameth.c,v 1.14 2014/07/13 12:45:01 miod Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2006.
 */
@@ -275,9 +275,10 @@ decerr:
        DSAerr(DSA_F_DSA_PRIV_DECODE, EVP_R_DECODE_ERROR);
 dsaerr:
        BN_CTX_free(ctx);
-        if (privkey)
+        if (ndsa)
+                sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
+        else
                ASN1_INTEGER_free(privkey);
-        sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
        DSA_free(dsa);
        return 0;
 }
@@ -313,6 +314,7 @@ dsa_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey)
        dplen = i2d_ASN1_INTEGER(prkey, &dp);
        ASN1_INTEGER_free(prkey);
+        prkey = NULL;
        if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_dsa), 0, V_ASN1_SEQUENCE,
            params, dp, dplen))
author	miod <>	2014-07-13 12:45:01 +0000
committer	miod <>	2014-07-13 12:45:01 +0000
commit	ed37355a7f49beb3c1560dc4e8b68cbd94157da3 (patch)
tree	e75565a5de3d55f092bd588d8223eede12004775
parent	51eac40810fca13318e009e19dc3c1049fda6783 (diff)
download	openbsd-ed37355a7f49beb3c1560dc4e8b68cbd94157da3.tar.gz openbsd-ed37355a7f49beb3c1560dc4e8b68cbd94157da3.tar.bz2 openbsd-ed37355a7f49beb3c1560dc4e8b68cbd94157da3.zip