diff options
| author | Matt Caswell <matt@openssl.org> | 2015-02-09 11:38:41 +0000 |
|---|---|---|
| committer | Matt Caswell <matt@openssl.org> | 2015-02-25 20:40:38 +0000 |
| commit | 1b4a8df38fc9ab3c089ca5765075ee53ec5bd66a (patch) | |
| tree | f84fc1fa0f8a9d32695f8945ced3331aacaeb088 | |
| parent | 6d4655c27e4bc582836ae37accdb82833d6ddd00 (diff) | |
Fix a failure to NULL a pointer freed on error.
Inspired by BoringSSL commit 517073cd4b by Eric Roman <eroman@chromium.org>
CVE-2015-0209
Reviewed-by: Emilia Käsper <emilia@openssl.org>
| -rw-r--r-- | crypto/ec/ec_asn1.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c index 30b7df4850..d3e8316ffb 100644 --- a/crypto/ec/ec_asn1.c +++ b/crypto/ec/ec_asn1.c @@ -1014,8 +1014,6 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len) ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_MALLOC_FAILURE); goto err; } - if (a) - *a = ret; } else ret = *a; @@ -1067,10 +1065,12 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len) } } + if (a) + *a = ret; ok = 1; err: if (!ok) { - if (ret) + if (ret && (a == NULL || *a != ret)) EC_KEY_free(ret); ret = NULL; } |