From 768b16b50556fec6a7dc1b87ea26cd72846a4e44 Mon Sep 17 00:00:00 2001 From: beck <> Date: Mon, 14 Sep 2020 08:06:09 +0000 Subject: Correctly fix double free introduced on review. the roots for a ctx are only freed in the free function, not in the clear function, so that a ctx can be re-used with the same roots. ok tb@ --- src/lib/libcrypto/x509/x509_verify.c | 3 +-- src/lib/libcrypto/x509/x509_vfy.c | 3 ++- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/src/lib/libcrypto/x509/x509_verify.c b/src/lib/libcrypto/x509/x509_verify.c index 5f5070c122..aeab03ffc2 100644 --- a/src/lib/libcrypto/x509/x509_verify.c +++ b/src/lib/libcrypto/x509/x509_verify.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x509_verify.c,v 1.1 2020/09/13 15:06:17 beck Exp $ */ +/* $OpenBSD: x509_verify.c,v 1.2 2020/09/14 08:06:09 beck Exp $ */ /* * Copyright (c) 2020 Bob Beck * @@ -153,7 +153,6 @@ x509_verify_ctx_clear(struct x509_verify_ctx *ctx) { x509_verify_ctx_reset(ctx); sk_X509_pop_free(ctx->intermediates, X509_free); - sk_X509_pop_free(ctx->roots, X509_free); free(ctx->chains); memset(ctx, 0, sizeof(*ctx)); } diff --git a/src/lib/libcrypto/x509/x509_vfy.c b/src/lib/libcrypto/x509/x509_vfy.c index f076a1dc5c..a66ef76e6b 100644 --- a/src/lib/libcrypto/x509/x509_vfy.c +++ b/src/lib/libcrypto/x509/x509_vfy.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x509_vfy.c,v 1.76 2020/09/14 07:46:01 beck Exp $ */ +/* $OpenBSD: x509_vfy.c,v 1.77 2020/09/14 08:06:09 beck Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -682,6 +682,7 @@ X509_verify_cert(X509_STORE_CTX *ctx) chain_count = x509_verify(vctx, NULL, NULL); } + sk_X509_pop_free(roots, X509_free); x509_verify_ctx_free(vctx); /* if we succeed we have a chain in ctx->chain */ -- cgit v1.2.3-55-g6feb