diff options
author | tb <> | 2020-11-18 17:54:46 +0000 |
---|---|---|
committer | tb <> | 2020-11-18 17:54:46 +0000 |
commit | 55e64e549e2ba5234b327630d22faf48d66de9ee (patch) | |
tree | d7ab734b9207f1fc27a3037da6009a48c70fd641 /src/lib/libcrypto/dsa/dsa_ossl.c | |
parent | c67f3c9390fc29f3f4e97751c76c023f647bc9ec (diff) | |
download | openbsd-55e64e549e2ba5234b327630d22faf48d66de9ee.tar.gz openbsd-55e64e549e2ba5234b327630d22faf48d66de9ee.tar.bz2 openbsd-55e64e549e2ba5234b327630d22faf48d66de9ee.zip |
Plug leak in x509_verify_chain_dup()
x509_verify_chain_new() allocates a few members of a certificate chain:
an empty stack of certificates, a list of errors encountered while
validating the chain, and a list of name constraints. The function to
copy a chain would allocate a new chain using x509_verify_chain_new()
and then clobber its members by copies of the old chain. Fix this by
replacing x509_verify_chain_new() with calloc().
Found by review while investigating the report by Hanno Zysik who
found the same leak using valgrind. This is a cleaner version of
my initial fix from jsing.
ok jsing
Diffstat (limited to 'src/lib/libcrypto/dsa/dsa_ossl.c')
0 files changed, 0 insertions, 0 deletions