Only call free in CBB_init(). - openbsd - A mirror of https://github.com/libressl/openbsd.git

diff options

author	doug <>	2015-02-07 04:37:35 +0000
committer	doug <>	2015-02-07 04:37:35 +0000
commit	34580c70507efc9093560bfbcf1ddd9260243446 (patch)
tree	63acbaab02583769dc6109cb71eefe4e5bb8e7c8 /src/lib/libssl/s3_lib.c
parent	e7d2eaafd57f353d8d6754ac5f5253f1eada3342 (diff)
download	openbsd-34580c70507efc9093560bfbcf1ddd9260243446.tar.gz openbsd-34580c70507efc9093560bfbcf1ddd9260243446.tar.bz2 openbsd-34580c70507efc9093560bfbcf1ddd9260243446.zip

Only call free in CBB_init().

CBB_init_fixed() should not call free because it can lead to use after free or double free bugs. The caller should be responsible for creating and destroying the buffer. From BoringSSL commit a84f06fc1eee6ea25ce040675fbad72c532afece miod agrees with the reasoning ok jsing@, beck@

Diffstat (limited to 'src/lib/libssl/s3_lib.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: