diff options
author | Pavel Kopyl <p.kopyl@samsung.com> | 2017-11-03 22:18:35 +0300 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2018-02-21 12:18:56 +0000 |
commit | 59053968e756e9063c512fba59717c32621e3f1a (patch) | |
tree | 31b8a1387cd7cea215f4230ef0a513b26c61852e /apps | |
parent | abcf241114c4dc33af95288ae7f7d10916c67db0 (diff) |
do_body: fix heap-use-after-free.
The memory pointed to by the 'push' is freed by the
X509_NAME_ENTRY_free() in do_body(). The second time
it is referenced to (indirectly) in certify_cert:X509_REQ_free().
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4698)
Diffstat (limited to 'apps')
-rw-r--r-- | apps/ca.c | 1 |
1 files changed, 0 insertions, 1 deletions
@@ -1556,7 +1556,6 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, if (push != NULL) { if (!X509_NAME_add_entry(subject, push, -1, 0)) { - X509_NAME_ENTRY_free(push); BIO_printf(bio_err, "Memory allocation failure\n"); goto end; } |