Fix a failure to NULL a pointer freed on error.
Reported by the LibreSSL project as a follow on to CVE-2015-0209 Reviewed-by: Richard Levitte <levitte@openssl.org>
This commit is contained in:
Matt Caswell
parent
7b22e8d01f
commit
18029a3d07
2 changed files with 16 additions and 3 deletions
|
|
@ -172,8 +172,14 @@ X509 *d2i_X509_AUX(X509 **a, const unsigned char **pp, long length)
|
|||
{
|
||||
const unsigned char *q;
|
||||
X509 *ret;
|
||||
int freeret = 0;
|
||||
|
||||
/* Save start position */
|
||||
q = *pp;
|
||||
|
||||
if(!a || *a == NULL) {
|
||||
freeret = 1;
|
||||
}
|
||||
ret = d2i_X509(a, pp, length);
|
||||
/* If certificate unreadable then forget it */
|
||||
if (!ret)
|
||||
|
|
@ -186,7 +192,11 @@ X509 *d2i_X509_AUX(X509 **a, const unsigned char **pp, long length)
|
|||
goto err;
|
||||
return ret;
|
||||
err:
|
||||
X509_free(ret);
|
||||
if(freeret) {
|
||||
X509_free(ret);
|
||||
if (a)
|
||||
*a = NULL;
|
||||
}
|
||||
return NULL;
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -1226,16 +1226,19 @@ EC_KEY *d2i_ECParameters(EC_KEY **a, const unsigned char **in, long len)
|
|||
ECerr(EC_F_D2I_ECPARAMETERS, ERR_R_MALLOC_FAILURE);
|
||||
return NULL;
|
||||
}
|
||||
if (a)
|
||||
*a = ret;
|
||||
} else
|
||||
ret = *a;
|
||||
|
||||
if (!d2i_ECPKParameters(&ret->group, in, len)) {
|
||||
ECerr(EC_F_D2I_ECPARAMETERS, ERR_R_EC_LIB);
|
||||
if (a == NULL || *a != ret)
|
||||
EC_KEY_free(ret);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
if (a)
|
||||
*a = ret;
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue