diff options
| author | Theo Buehler <tb@cvs.openbsd.org> | 2022-02-11 17:37:55 +0000 |
|---|---|---|
| committer | Theo Buehler <tb@cvs.openbsd.org> | 2022-02-11 17:37:55 +0000 |
| commit | d901d15af1d6a3bec76fcc4253f500773fa8212a (patch) | |
| tree | c4edb371c1a781c4bb465a1109e9fdf82a97b8cd /lib/libcrypto | |
| parent | a311bcbd008dd9d2a6160b092f8a3a4ff692b272 (diff) | |
Fix a double free in v2i_NAME_CONSTRAINTS()
a2i_GENERAL_NAME() modifies and returns the out argument that was
passed in unless out == NULL, in which case it returns something
freshly allocated. Thus, in v2i_GENERAL_NAME_ex() we must only free
ret if out == NULL so v2i_NAME_CONSTRAINTS() can free correctly.
Issue reported by Volker Schlecht
ok jsing
Diffstat (limited to 'lib/libcrypto')
| -rw-r--r-- | lib/libcrypto/x509/x509_alt.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/lib/libcrypto/x509/x509_alt.c b/lib/libcrypto/x509/x509_alt.c index a7c1a8c6a12..9dbca9d1e91 100644 --- a/lib/libcrypto/x509/x509_alt.c +++ b/lib/libcrypto/x509/x509_alt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x509_alt.c,v 1.5 2021/10/28 10:58:23 tb Exp $ */ +/* $OpenBSD: x509_alt.c,v 1.6 2022/02/11 17:37:54 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project. */ @@ -686,7 +686,8 @@ v2i_GENERAL_NAME_ex(GENERAL_NAME *out, const X509V3_EXT_METHOD *method, } return ret; err: - GENERAL_NAME_free(ret); + if (out == NULL) + GENERAL_NAME_free(ret); return NULL; } |