authorTheo Buehler <tb@cvs.openbsd.org>2021-05-01 13:13:46 +0000
committerTheo Buehler <tb@cvs.openbsd.org>2021-05-01 13:13:46 +0000
commitac9918c641b97517913b939d80211e7e6da8c903 (patch)
treea88d07e850c583f1259d574e17c8137441b3da83 /lib
parent4f6bb2b2172c16826d7c92186c5248513d4c0e3b (diff)
Prevent double free in int_TS_RESP_verify_token
If TS_compute_imprint fails after md_alg was allocated, there will be a double free in its caller. Obvious fix is to null out the output parameter md_alg just like it's already done for imprint and imprint_len. From Pauli Dale, OpenSSL 1.1.1, a3dea76f742896b7d75a0c0529c0af1e628bd853 ok inoguchi jsing
Diffstat (limited to 'lib')
-rw-r--r--lib/libcrypto/ts/ts_rsp_verify.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/lib/libcrypto/ts/ts_rsp_verify.c b/lib/libcrypto/ts/ts_rsp_verify.c
index 36ead0671a9..27515adf682 100644
--- a/lib/libcrypto/ts/ts_rsp_verify.c
+++ b/lib/libcrypto/ts/ts_rsp_verify.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ts_rsp_verify.c,v 1.18 2017/01/29 17:49:23 beck Exp $ */
+/* $OpenBSD: ts_rsp_verify.c,v 1.19 2021/05/01 13:13:45 tb Exp $ */
/* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL
* project 2002.
*/
@@ -639,6 +639,7 @@ TS_compute_imprint(BIO *data, TS_TST_INFO *tst_info, X509_ALGOR **md_alg,
err:
X509_ALGOR_free(*md_alg);
+ *md_alg = NULL;
free(*imprint);
*imprint = NULL;
*imprint_len = 0;
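Review bot: The cleanup under `err:` in TS_compute_imprint now depends on an undocumented contract: every output parameter must be reset on failure, because, per the commit message, the caller frees `md_alg` itself on its own error path. Nothing in the hunk records that, so a later output parameter could reintroduce the same double free. I would add a comment directly above `X509_ALGOR_free(*md_alg);`, for example `/* On failure, free and reset every output parameter: the caller frees them too. */`. The function starts and ends outside this hunk, so whether the outputs are also set to NULL on entry, before the first `goto err`, cannot be confirmed from here and is worth checking.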