diff options
| author | miod <> | 2014-09-29 04:20:14 +0000 |
|---|---|---|
| committer | miod <> | 2014-09-29 04:20:14 +0000 |
| commit | c23a67af7f4a09d29116172b102fabc1c99365fe (patch) | |
| tree | 5fb99e3b0b09d91f696101bda08f0b5e0e008356 /src/lib | |
| parent | b9058e3a0925c64cba4c450d054e5f8818edfb17 (diff) | |
| download | openbsd-c23a67af7f4a09d29116172b102fabc1c99365fe.tar.gz openbsd-c23a67af7f4a09d29116172b102fabc1c99365fe.tar.bz2 openbsd-c23a67af7f4a09d29116172b102fabc1c99365fe.zip | |
check_cert(): be sure to reset ctx->current_crl to NULL before freeing it.
X509_STORE_CTX_init(): do not free the X509_STORE_CTX * parameter upon
failure, for we did not allocate it and it might not come from the heap,
such as in check_crl_path() in this very same file where X509_STORE_CTX_init()
gets invoked with a stack address.
ok bcook@
Diffstat (limited to 'src/lib')
| -rw-r--r-- | src/lib/libcrypto/x509/x509_vfy.c | 15 | ||||
| -rw-r--r-- | src/lib/libssl/src/crypto/x509/x509_vfy.c | 15 |
2 files changed, 10 insertions, 20 deletions
diff --git a/src/lib/libcrypto/x509/x509_vfy.c b/src/lib/libcrypto/x509/x509_vfy.c index ae8484a885..cda8aeafa9 100644 --- a/src/lib/libcrypto/x509/x509_vfy.c +++ b/src/lib/libcrypto/x509/x509_vfy.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: x509_vfy.c,v 1.37 2014/07/17 07:13:02 logan Exp $ */ | 1 | /* $OpenBSD: x509_vfy.c,v 1.38 2014/09/29 04:20:14 miod Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -747,6 +747,7 @@ check_cert(X509_STORE_CTX *ctx) | |||
| 747 | goto err; | 747 | goto err; |
| 748 | } | 748 | } |
| 749 | 749 | ||
| 750 | ctx->current_crl = NULL; | ||
| 750 | X509_CRL_free(crl); | 751 | X509_CRL_free(crl); |
| 751 | X509_CRL_free(dcrl); | 752 | X509_CRL_free(dcrl); |
| 752 | crl = NULL; | 753 | crl = NULL; |
| @@ -762,10 +763,9 @@ check_cert(X509_STORE_CTX *ctx) | |||
| 762 | } | 763 | } |
| 763 | 764 | ||
| 764 | err: | 765 | err: |
| 766 | ctx->current_crl = NULL; | ||
| 765 | X509_CRL_free(crl); | 767 | X509_CRL_free(crl); |
| 766 | X509_CRL_free(dcrl); | 768 | X509_CRL_free(dcrl); |
| 767 | |||
| 768 | ctx->current_crl = NULL; | ||
| 769 | return ok; | 769 | return ok; |
| 770 | } | 770 | } |
| 771 | 771 | ||
| @@ -2100,13 +2100,8 @@ X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509, | |||
| 2100 | ctx->check_policy = check_policy; | 2100 | ctx->check_policy = check_policy; |
| 2101 | 2101 | ||
| 2102 | 2102 | ||
| 2103 | /* This memset() can't make any sense anyway, so it's removed. As | 2103 | if (CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE_CTX, ctx, |
| 2104 | * X509_STORE_CTX_cleanup does a proper "free" on the ex_data, we put a | 2104 | &(ctx->ex_data)) == 0) { |
| 2105 | * corresponding "new" here and remove this bogus initialisation. */ | ||
| 2106 | /* memset(&(ctx->ex_data),0,sizeof(CRYPTO_EX_DATA)); */ | ||
| 2107 | if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE_CTX, ctx, | ||
| 2108 | &(ctx->ex_data))) { | ||
| 2109 | free(ctx); | ||
| 2110 | X509err(X509_F_X509_STORE_CTX_INIT, ERR_R_MALLOC_FAILURE); | 2105 | X509err(X509_F_X509_STORE_CTX_INIT, ERR_R_MALLOC_FAILURE); |
| 2111 | return 0; | 2106 | return 0; |
| 2112 | } | 2107 | } |
diff --git a/src/lib/libssl/src/crypto/x509/x509_vfy.c b/src/lib/libssl/src/crypto/x509/x509_vfy.c index ae8484a885..cda8aeafa9 100644 --- a/src/lib/libssl/src/crypto/x509/x509_vfy.c +++ b/src/lib/libssl/src/crypto/x509/x509_vfy.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: x509_vfy.c,v 1.37 2014/07/17 07:13:02 logan Exp $ */ | 1 | /* $OpenBSD: x509_vfy.c,v 1.38 2014/09/29 04:20:14 miod Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -747,6 +747,7 @@ check_cert(X509_STORE_CTX *ctx) | |||
| 747 | goto err; | 747 | goto err; |
| 748 | } | 748 | } |
| 749 | 749 | ||
| 750 | ctx->current_crl = NULL; | ||
| 750 | X509_CRL_free(crl); | 751 | X509_CRL_free(crl); |
| 751 | X509_CRL_free(dcrl); | 752 | X509_CRL_free(dcrl); |
| 752 | crl = NULL; | 753 | crl = NULL; |
| @@ -762,10 +763,9 @@ check_cert(X509_STORE_CTX *ctx) | |||
| 762 | } | 763 | } |
| 763 | 764 | ||
| 764 | err: | 765 | err: |
| 766 | ctx->current_crl = NULL; | ||
| 765 | X509_CRL_free(crl); | 767 | X509_CRL_free(crl); |
| 766 | X509_CRL_free(dcrl); | 768 | X509_CRL_free(dcrl); |
| 767 | |||
| 768 | ctx->current_crl = NULL; | ||
| 769 | return ok; | 769 | return ok; |
| 770 | } | 770 | } |
| 771 | 771 | ||
| @@ -2100,13 +2100,8 @@ X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509, | |||
| 2100 | ctx->check_policy = check_policy; | 2100 | ctx->check_policy = check_policy; |
| 2101 | 2101 | ||
| 2102 | 2102 | ||
| 2103 | /* This memset() can't make any sense anyway, so it's removed. As | 2103 | if (CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE_CTX, ctx, |
| 2104 | * X509_STORE_CTX_cleanup does a proper "free" on the ex_data, we put a | 2104 | &(ctx->ex_data)) == 0) { |
| 2105 | * corresponding "new" here and remove this bogus initialisation. */ | ||
| 2106 | /* memset(&(ctx->ex_data),0,sizeof(CRYPTO_EX_DATA)); */ | ||
| 2107 | if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE_CTX, ctx, | ||
| 2108 | &(ctx->ex_data))) { | ||
| 2109 | free(ctx); | ||
| 2110 | X509err(X509_F_X509_STORE_CTX_INIT, ERR_R_MALLOC_FAILURE); | 2105 | X509err(X509_F_X509_STORE_CTX_INIT, ERR_R_MALLOC_FAILURE); |
| 2111 | return 0; | 2106 | return 0; |
| 2112 | } | 2107 | } |