Fix leak or double free with OCSP_request_add0_id() - openbsd - A mirror of https://github.com/libressl/openbsd.git

diff options

author	tb <>	2020-10-09 17:19:35 +0000
committer	tb <>	2020-10-09 17:19:35 +0000
commit	c2d858c793f1c66f3c541ebc3f6d0bf4deb3b7e7 (patch)
tree	cb5721a23a34e4af109398c549587aded00d68d7 /src/lib/libssl/ssl_srvr.c
parent	acf6e4c16993f0fa6153452c6141084e0c84afc3 (diff)
download	openbsd-c2d858c793f1c66f3c541ebc3f6d0bf4deb3b7e7.tar.gz openbsd-c2d858c793f1c66f3c541ebc3f6d0bf4deb3b7e7.tar.bz2 openbsd-c2d858c793f1c66f3c541ebc3f6d0bf4deb3b7e7.zip

Fix leak or double free with OCSP_request_add0_id()

On success, OCSP_request_add0_id() transfers ownership of cid to either 'one' or 'req' depending on whether the latter is NULL or not. On failure, the caller can't tell whether OCSP_ONEREQ_new() failed (in which case cid needs to be freed) or whether it was a failure to allocate memory in sk_insert() (in which case cid must not be freed). The caller is thus faced with the choice of leaving either a leak or a potential double free. Fix this by transferring ownership only at the end of the function. Found while reviewing an upcoming diff by beck. ok jsing

Diffstat (limited to 'src/lib/libssl/ssl_srvr.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: