wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

PR: 1868

Browse source 
Submitted by: Paolo Ganci <Paolo.Ganci@AdNovum.CH>
Approved by: steve@openssl.org

Don't set fields to NULL when freeing them up in ASN1 code. On some platforms
with sizeof(long) < sizeof(char *) this can cause a crash.
This commit is contained in:
Dr. Stephen Henson 2009-03-25 10:42:34 +00:00
parent 188abf7e2a
commit c60dca1f95
2 changed files with 5 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
CHANGES
View file

@ -4,6 +4,11 @@
Changes between 0.9.8j and 0.9.8k [xx XXX xxxx]
*) Don't set val to NULL when freeing up structures, it is freed up by
underlying code. If sizeof(void *) > sizeof(long) this can result in
zeroing past the valid field. (CVE-2009-0789)
[Paolo Ganci <Paolo.Ganci@AdNovum.CH>]
*) Fix bug where return value of CMS_SignerInfo_verify_content() was not
checked correctly. This would allow some invalid signed attributes to
appear to verify correctly. (CVE-2009-0591)

2
crypto/asn1/tasn_dec.c
View file

@ -611,7 +611,6 @@ static int asn1_template_ex_d2i(ASN1_VALUE **val,
err:
ASN1_template_free(val, tt);
*val = NULL;
return 0;
}
@ -758,7 +757,6 @@ static int asn1_template_noexp_d2i(ASN1_VALUE **val,
err:
ASN1_template_free(val, tt);
*val = NULL;
return 0;
}