do_body: fix heap-use-after-free.
The memory pointed to by the 'push' is freed by the X509_NAME_ENTRY_free() in do_body(). The second time it is referenced to (indirectly) in certify_cert:X509_REQ_free(). Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4698)
This commit is contained in:
parent
abcf241114
commit
59053968e7
1 changed files with 0 additions and 1 deletions
|
@ -1556,7 +1556,6 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
|
|||
|
||||
if (push != NULL) {
|
||||
if (!X509_NAME_add_entry(subject, push, -1, 0)) {
|
||||
X509_NAME_ENTRY_free(push);
|
||||
BIO_printf(bio_err, "Memory allocation failure\n");
|
||||
goto end;
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue