author | Pavel Kopyl <p.kopyl@samsung.com> | 2017-12-10 22:57:43 +0300 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2018-02-21 12:29:06 +0000 |
commit | a25e2d49a75eb01dcdad41a5bec05666d461b2d6 (patch) | |
tree | 6b1776ebd7ccb5e0b2473c9e8fe03302d3f869e8 /apps/ca.c | |
parent | becdc13fd87052058c87dd0ee3894345617085b8 (diff) |
do_body: fix heap-use-after-free.
The memory pointed to by 'push' is freed by
X509_NAME_ENTRY_free() in do_body(). It is then referenced
a second time (indirectly) in certify_cert:X509_REQ_free().
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4896)
Diffstat (limited to 'apps/ca.c')
-rw-r--r-- | apps/ca.c | 2 |
1 files changed, 0 insertions, 2 deletions
@@ -1825,8 +1825,6 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
 if (push != NULL) {
 if (!X509_NAME_add_entry(subject, push, -1, 0)) {
- if (push != NULL)
- X509_NAME_ENTRY_free(push);
 BIO_printf(bio_err, "Memory allocation failure\n");
 goto err;
 } |