diff options
author | tb <> | 2020-11-18 17:54:46 +0000 |
---|---|---|
committer | tb <> | 2020-11-18 17:54:46 +0000 |
commit | d7ea65d1de4c5d0528a68eb9b33a6ef17ca79f14 (patch) | |
tree | d7ab734b9207f1fc27a3037da6009a48c70fd641 /src/lib/libcrypto/crypto/getentropy_linux.c | |
parent | fa7f97be6a425fa454c92d146ea0a205a46da2a0 (diff) | |
download | openbsd-d7ea65d1de4c5d0528a68eb9b33a6ef17ca79f14.tar.gz openbsd-d7ea65d1de4c5d0528a68eb9b33a6ef17ca79f14.tar.bz2 openbsd-d7ea65d1de4c5d0528a68eb9b33a6ef17ca79f14.zip |
Plug leak in x509_verify_chain_dup()
x509_verify_chain_new() allocates a few members of a certificate chain:
an empty stack of certificates, a list of errors encountered while
validating the chain, and a list of name constraints. The function to
copy a chain would allocate a new chain using x509_verify_chain_new()
and then clobber its members by copies of the old chain. Fix this by
replacing x509_verify_chain_new() with calloc().
Found by review while investigating the report by Hanno Zysik who
found the same leak using valgrind. This is a cleaner version of
my initial fix from jsing.
ok jsing
Diffstat (limited to 'src/lib/libcrypto/crypto/getentropy_linux.c')
0 files changed, 0 insertions, 0 deletions