diff options
| author | schwarze <> | 2021-11-03 14:36:21 +0000 |
|---|---|---|
| committer | schwarze <> | 2021-11-03 14:36:21 +0000 |
| commit | 76e6dd4974483acbe964bdb000c16a61459f0c81 (patch) | |
| tree | 74daf89556979cece1b0c5f4ed185a3ed7f5abda /src/lib/libc | |
| parent | 3d8791232e97df9ea6bc9b6f8533b6556e5cd3e4 (diff) | |
| download | openbsd-76e6dd4974483acbe964bdb000c16a61459f0c81.tar.gz openbsd-76e6dd4974483acbe964bdb000c16a61459f0c81.tar.bz2 openbsd-76e6dd4974483acbe964bdb000c16a61459f0c81.zip | |
Fix five bugs in X509_REQ_to_X509(3):
* memory leak in X509_set_subject_name(ret, X509_NAME_dup(xn));
* memory leak in X509_set_issuer_name(ret, X509_NAME_dup(xn));
* memory leak in X509_set_pubkey(ret, X509_REQ_get_pubkey(r));
* missing return value check of X509_REQ_get_pubkey(r);
* missing return value check of X509_set_pubkey(...);
Some of these bugs have survived for twenty-five years.
I noticed the first two bugs while documenting the function,
then found that a commit in the OpenSSL 1.1.1 branch, which is
still under a free license, fixed all of them in 2016.
In the function X509_REQ_to_X509(3), merge everything worth merging
from OpenSSL 1.1.1, in particular the relevant parts of:
* 222561fe Apr 30 17:33:59 2015 -0400 (err: label cleanup)
* 0517538d Mar 17 00:15:48 2016 +0100 (the bugfix)
* c5137473 Apr 3 23:37:32 2016 +0200 (code simplification)
While here, delete some commented out code that is wrong in
multiple ways and untouched since the SSLeay era.
One code tweak for readability by tb@, and OK tb@.
Diffstat (limited to 'src/lib/libc')
0 files changed, 0 insertions, 0 deletions