diff options
| author | tb <> | 2023-04-14 06:47:07 +0000 |
|---|---|---|
| committer | tb <> | 2023-04-14 06:47:07 +0000 |
| commit | 030b8689c5e2131d8db812703be39b34a6472284 (patch) | |
| tree | 53bea8f79845b10d786659d904ee1879651e89a9 /src | |
| parent | c57d52f1ed74165285266fb36c75bb904911f2e7 (diff) | |
| download | openbsd-030b8689c5e2131d8db812703be39b34a6472284.tar.gz openbsd-030b8689c5e2131d8db812703be39b34a6472284.tar.bz2 openbsd-030b8689c5e2131d8db812703be39b34a6472284.zip | |
Fix double free in error path in openssl(1) x509
A conversion from X509_REQ_get_pubkey() to X509_REQ_get0_pubkey() missed
one free of pkey in an unlikely error path. After the conversion pkey is
no longer owned by us, so we mustn't free it.
ok jsing
Diffstat (limited to 'src')
| -rw-r--r-- | src/usr.bin/openssl/x509.c | 6 |
1 files changed, 2 insertions, 4 deletions
diff --git a/src/usr.bin/openssl/x509.c b/src/usr.bin/openssl/x509.c index e6d1ee915d..7c8f34f64c 100644 --- a/src/usr.bin/openssl/x509.c +++ b/src/usr.bin/openssl/x509.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: x509.c,v 1.32 2023/04/09 17:28:52 tb Exp $ */ | 1 | /* $OpenBSD: x509.c,v 1.33 2023/04/14 06:47:07 tb Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -888,10 +888,8 @@ x509_main(int argc, char **argv) | |||
| 888 | 888 | ||
| 889 | if ((pkey = X509_REQ_get0_pubkey(req)) == NULL) | 889 | if ((pkey = X509_REQ_get0_pubkey(req)) == NULL) |
| 890 | goto end; | 890 | goto end; |
| 891 | if (!X509_set_pubkey(x, pkey)) { | 891 | if (!X509_set_pubkey(x, pkey)) |
| 892 | EVP_PKEY_free(pkey); | ||
| 893 | goto end; | 892 | goto end; |
| 894 | } | ||
| 895 | } else { | 893 | } else { |
| 896 | x = load_cert(bio_err, cfg.infile, cfg.informat, NULL, | 894 | x = load_cert(bio_err, cfg.infile, cfg.informat, NULL, |
| 897 | "Certificate"); | 895 | "Certificate"); |