diff options
author | Bernd Edlinger <bernd.edlinger@hotmail.de> | 2019-01-30 16:20:31 +0100 |
---|---|---|
committer | Bernd Edlinger <bernd.edlinger@hotmail.de> | 2019-01-31 19:24:07 +0100 |
commit | 5dc40a83c74be579575a512b30d9c1e0364e6a7b (patch) | |
tree | e8d869633decce31daa0b43f8b900bb85b6ebdc2 /crypto/x509 | |
parent | 53649022509129bce8036c8fb4978dbce9432a86 (diff) |
Fix a crash in reuse of i2d_X509_PUBKEY
If the second PUBKEY is malformed there is use after free.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8122)
Diffstat (limited to 'crypto/x509')
-rw-r--r-- | crypto/x509/x_pubkey.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/crypto/x509/x_pubkey.c b/crypto/x509/x_pubkey.c index f980af77f6..be42684e44 100644 --- a/crypto/x509/x_pubkey.c +++ b/crypto/x509/x_pubkey.c @@ -36,6 +36,7 @@ static int pubkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, /* Attempt to decode public key and cache in pubkey structure. */ X509_PUBKEY *pubkey = (X509_PUBKEY *)*pval; EVP_PKEY_free(pubkey->pkey); + pubkey->pkey = NULL; /* * Opportunistically decode the key but remove any non fatal errors * from the queue. Subsequent explicit attempts to decode/use the key |