diff options
| author | tb <> | 2020-10-09 17:19:35 +0000 | 
|---|---|---|
| committer | tb <> | 2020-10-09 17:19:35 +0000 | 
| commit | fefcf488fdade8b93e6ee8a514efcb3705e952ff (patch) | |
| tree | cb5721a23a34e4af109398c549587aded00d68d7 /src/lib/libc/crypt/arc4random.h | |
| parent | 64328f64e6e2d96ec14ebcdb13eba729d774d45a (diff) | |
| download | openbsd-fefcf488fdade8b93e6ee8a514efcb3705e952ff.tar.gz openbsd-fefcf488fdade8b93e6ee8a514efcb3705e952ff.tar.bz2 openbsd-fefcf488fdade8b93e6ee8a514efcb3705e952ff.zip | |
Fix leak or double free with OCSP_request_add0_id()
On success, OCSP_request_add0_id() transfers ownership of cid to
either 'one' or 'req' depending on whether the latter is NULL or
not.  On failure, the caller can't tell whether OCSP_ONEREQ_new()
failed (in which case cid needs to be freed) or whether it was a
failure to allocate memory in sk_insert() (in which case cid must
not be freed).
The caller is thus faced with the choice of leaving either a leak
or a potential double free.  Fix this by transferring ownership
only at the end of the function.
Found while reviewing an upcoming diff by beck.
ok jsing
Diffstat (limited to 'src/lib/libc/crypt/arc4random.h')
0 files changed, 0 insertions, 0 deletions
