PR: 1868
Submitted by: Paolo Ganci <Paolo.Ganci@AdNovum.CH> Approved by: steve@openssl.org Don't set fields to NULL when freeing them up in ASN1 code. On some platforms with sizeof(long) < sizeof(char *) this can cause a crash.
This commit is contained in:
Dr. Stephen Henson
parent
188abf7e2a
commit
c60dca1f95
2 changed files with 5 additions and 2 deletions
5
CHANGES
5
CHANGES
|
|
@ -4,6 +4,11 @@
|
||||||
|
|
||||||
Changes between 0.9.8j and 0.9.8k [xx XXX xxxx]
|
Changes between 0.9.8j and 0.9.8k [xx XXX xxxx]
|
||||||
|
|
||||||
|
*) Don't set val to NULL when freeing up structures, it is freed up by
|
||||||
|
underlying code. If sizeof(void *) > sizeof(long) this can result in
|
||||||
|
zeroing past the valid field. (CVE-2009-0789)
|
||||||
|
[Paolo Ganci <Paolo.Ganci@AdNovum.CH>]
|
||||||
|
|
||||||
*) Fix bug where return value of CMS_SignerInfo_verify_content() was not
|
*) Fix bug where return value of CMS_SignerInfo_verify_content() was not
|
||||||
checked correctly. This would allow some invalid signed attributes to
|
checked correctly. This would allow some invalid signed attributes to
|
||||||
appear to verify correctly. (CVE-2009-0591)
|
appear to verify correctly. (CVE-2009-0591)
|
||||||
|
|
|
||||||
|
|
@ -611,7 +611,6 @@ static int asn1_template_ex_d2i(ASN1_VALUE **val,
|
||||||
|
|
||||||
err:
|
err:
|
||||||
ASN1_template_free(val, tt);
|
ASN1_template_free(val, tt);
|
||||||
*val = NULL;
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -758,7 +757,6 @@ static int asn1_template_noexp_d2i(ASN1_VALUE **val,
|
||||||
|
|
||||||
err:
|
err:
|
||||||
ASN1_template_free(val, tt);
|
ASN1_template_free(val, tt);
|
||||||
*val = NULL;
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue