From 325847dec91a0775a2c9806147ab783c0737cc84 Mon Sep 17 00:00:00 2001 From: tedu <> Date: Thu, 19 Mar 2015 14:00:22 +0000 Subject: Fix several crash causing defects from OpenSSL. These include: CVE-2015-0209 - Use After Free following d2i_ECPrivatekey error CVE-2015-0286 - Segmentation fault in ASN1_TYPE_cmp CVE-2015-0287 - ASN.1 structure reuse memory corruption CVE-2015-0289 - PKCS7 NULL pointer dereferences Several other issues did not apply or were already fixed. Refer to https://www.openssl.org/news/secadv_20150319.txt joint work with beck, doug, guenther, jsing, miod --- src/lib/libcrypto/asn1/a_set.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'src/lib/libcrypto/asn1/a_set.c') diff --git a/src/lib/libcrypto/asn1/a_set.c b/src/lib/libcrypto/asn1/a_set.c index ba4f28be34..63d55c3714 100644 --- a/src/lib/libcrypto/asn1/a_set.c +++ b/src/lib/libcrypto/asn1/a_set.c @@ -1,4 +1,4 @@ -/* $OpenBSD: a_set.c,v 1.16 2014/07/11 08:44:47 jsing Exp $ */ +/* $OpenBSD: a_set.c,v 1.17 2015/03/19 14:00:22 tedu Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -225,7 +225,7 @@ d2i_ASN1_SET(STACK_OF(OPENSSL_BLOCK) **a, const unsigned char **pp, long length, return ret; err: - if (ret != NULL && (a == NULL || *a != ret)) { + if (a == NULL || *a != ret) { if (free_func != NULL) sk_OPENSSL_BLOCK_pop_free(ret, free_func); else -- cgit v1.2.3-55-g6feb