authorPavel Kopyl <p.kopyl@samsung.com>2017-12-10 22:57:43 +0300
committerMatt Caswell <matt@openssl.org>2018-02-21 12:29:06 +0000
commita25e2d49a75eb01dcdad41a5bec05666d461b2d6 (patch)
tree6b1776ebd7ccb5e0b2473c9e8fe03302d3f869e8 /apps
parentbecdc13fd87052058c87dd0ee3894345617085b8 (diff)
do_body: fix heap-use-after-free.
The memory pointed to by 'push' is freed by X509_NAME_ENTRY_free() in do_body(). It is then referenced a second time (indirectly) in certify_cert:X509_REQ_free(). Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4896)
Diffstat (limited to 'apps')
-rw-r--r--apps/ca.c2
1 files changed, 0 insertions, 2 deletions
diff --git a/apps/ca.c b/apps/ca.c
index bde3e4438a..06002adf2d 100644
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -1825,8 +1825,6 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
if (push != NULL) {
if (!X509_NAME_add_entry(subject, push, -1, 0)) {
- if (push != NULL)
- X509_NAME_ENTRY_free(push);
BIO_printf(bio_err, "Memory allocation failure\n");
goto err;
}