diff options
| author | tb <> | 2022-02-11 17:37:54 +0000 |
|---|---|---|
| committer | tb <> | 2022-02-11 17:37:54 +0000 |
| commit | 7553d37f566450a198f4ed53c39672be6ad1f9a6 (patch) | |
| tree | 02b71ac3a99dd34249dd79d0ed13b935d13ccc1e /src | |
| parent | a891547fba82e9b33ef52b7c649b29f56c2b35dc (diff) | |
| download | openbsd-7553d37f566450a198f4ed53c39672be6ad1f9a6.tar.gz openbsd-7553d37f566450a198f4ed53c39672be6ad1f9a6.tar.bz2 openbsd-7553d37f566450a198f4ed53c39672be6ad1f9a6.zip | |
Fix a double free in v2i_NAME_CONSTRAINTS()
a2i_GENERAL_NAME() modifies and returns the out argument that was
passed in unless out == NULL, in which case it returns something
freshly allocated. Thus, in v2i_GENERAL_NAME_ex() we must only free
ret if out == NULL so v2i_NAME_CONSTRAINTS() can free correctly.
Issue reported by Volker Schlecht
ok jsing
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/libcrypto/x509/x509_alt.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/src/lib/libcrypto/x509/x509_alt.c b/src/lib/libcrypto/x509/x509_alt.c index a7c1a8c6a1..9dbca9d1e9 100644 --- a/src/lib/libcrypto/x509/x509_alt.c +++ b/src/lib/libcrypto/x509/x509_alt.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: x509_alt.c,v 1.5 2021/10/28 10:58:23 tb Exp $ */ | 1 | /* $OpenBSD: x509_alt.c,v 1.6 2022/02/11 17:37:54 tb Exp $ */ |
| 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL |
| 3 | * project. | 3 | * project. |
| 4 | */ | 4 | */ |
| @@ -686,7 +686,8 @@ v2i_GENERAL_NAME_ex(GENERAL_NAME *out, const X509V3_EXT_METHOD *method, | |||
| 686 | } | 686 | } |
| 687 | return ret; | 687 | return ret; |
| 688 | err: | 688 | err: |
| 689 | GENERAL_NAME_free(ret); | 689 | if (out == NULL) |
| 690 | GENERAL_NAME_free(ret); | ||
| 690 | return NULL; | 691 | return NULL; |
| 691 | } | 692 | } |
| 692 | 693 | ||