diff options
author | Matt Caswell <matt@openssl.org> | 2015-03-19 10:16:32 +0000 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2015-03-19 13:01:13 +0000 |
commit | 5e5d53d341fd9a9b9cc0a58eb3690832ca7a511f (patch) | |
tree | ef0d4188017e0a8db017b5b3eaac83193faced75 /crypto/ec | |
parent | 367eab2f9f1d1131356118507d21534558863365 (diff) |
Fix a failure to NULL a pointer freed on error.
Reported by the LibreSSL project as a follow on to CVE-2015-0209
Reviewed-by: Richard Levitte <levitte@openssl.org>
Diffstat (limited to 'crypto/ec')
-rw-r--r-- | crypto/ec/ec_asn1.c | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c index 6ff94a3563..b4b0e9f3b8 100644 --- a/crypto/ec/ec_asn1.c +++ b/crypto/ec/ec_asn1.c @@ -1226,16 +1226,19 @@ EC_KEY *d2i_ECParameters(EC_KEY **a, const unsigned char **in, long len) ECerr(EC_F_D2I_ECPARAMETERS, ERR_R_MALLOC_FAILURE); return NULL; } - if (a) - *a = ret; } else ret = *a; if (!d2i_ECPKParameters(&ret->group, in, len)) { ECerr(EC_F_D2I_ECPARAMETERS, ERR_R_EC_LIB); + if (a == NULL || *a != ret) + EC_KEY_free(ret); return NULL; } + if (a) + *a = ret; + return ret; } |