diff options
author | Matt Caswell <matt@openssl.org> | 2022-12-14 16:18:14 +0000 |
---|---|---|
committer | Tomas Mraz <tomas@openssl.org> | 2023-02-07 17:05:10 +0100 |
commit | 9cc85002a1138235bdc272b837d7eb32d6b7aa95 (patch) | |
tree | 2d8278243a452cb1c7e6abd2d0acc592333f5b0d /test/recipes/80-test_cms.t | |
parent | dc341a46677fe19f055bd2eea0e3a2af21053903 (diff) |
Fix a UAF resulting from a bug in BIO_new_NDEF
If the aux->asn1_cb() call fails in BIO_new_NDEF then the "out" BIO will
be part of an invalid BIO chain. This causes a "use after free" when the
BIO is eventually freed.
Based on an original patch by Viktor Dukhovni and an idea from Theo
Buehler.
Thanks to Octavio Galland for reporting this issue.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Diffstat (limited to 'test/recipes/80-test_cms.t')
0 files changed, 0 insertions, 0 deletions