Fix leak or double free with OCSP_request_add0_id() - openbsd - A mirror of https://github.com/libressl/openbsd.git

diff options

author	tb <>	2020-10-09 17:19:35 +0000
committer	tb <>	2020-10-09 17:19:35 +0000
commit	fefcf488fdade8b93e6ee8a514efcb3705e952ff (patch)
tree	cb5721a23a34e4af109398c549587aded00d68d7 /src/lib/libssl/ssl_sigalgs.c
parent	64328f64e6e2d96ec14ebcdb13eba729d774d45a (diff)
download	openbsd-fefcf488fdade8b93e6ee8a514efcb3705e952ff.tar.gz openbsd-fefcf488fdade8b93e6ee8a514efcb3705e952ff.tar.bz2 openbsd-fefcf488fdade8b93e6ee8a514efcb3705e952ff.zip

Fix leak or double free with OCSP_request_add0_id()

On success, OCSP_request_add0_id() transfers ownership of cid to either 'one' or 'req' depending on whether the latter is NULL or not. On failure, the caller can't tell whether OCSP_ONEREQ_new() failed (in which case cid needs to be freed) or whether it was a failure to allocate memory in sk_insert() (in which case cid must not be freed). The caller is thus faced with the choice of leaving either a leak or a potential double free. Fix this by transferring ownership only at the end of the function. Found while reviewing an upcoming diff by beck. ok jsing

Diffstat (limited to 'src/lib/libssl/ssl_sigalgs.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: