generic-library/curl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

openssl: engine: remove double-free

Browse Source 
After a successful call to SSL_CTX_use_PrivateKey(), we must not call
EVP_PKEY_free() on the key.

Reported-by: nased0
Closes #509
This commit is contained in:
Daniel Stenberg
2015-10-27 13:45:25 +01:00
parent e2f430c74a
commit 370ee919b3
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
lib/vtls/openssl.c
View File

@@ -558,7 +558,7 @@ int cert_stuff(struct connectdata *conn,
break; break;
case SSL_FILETYPE_ENGINE: case SSL_FILETYPE_ENGINE:
#ifdef HAVE_OPENSSL_ENGINE_H #ifdef HAVE_OPENSSL_ENGINE_H
{ /* XXXX still needs some work */ {
EVP_PKEY *priv_key = NULL; EVP_PKEY *priv_key = NULL;
if(data->state.engine) { if(data->state.engine) {
#ifdef HAVE_ENGINE_LOAD_FOUR_ARGS #ifdef HAVE_ENGINE_LOAD_FOUR_ARGS
@@ -592,7 +592,7 @@ int cert_stuff(struct connectdata *conn,
EVP_PKEY_free(priv_key); EVP_PKEY_free(priv_key);
return 0; return 0;
} }
EVP_PKEY_free(priv_key); /* we don't need the handle any more... */ /* ownership of priv_key was handed over, no need to free it here */
} }
else { else {
failf(data, "crypto engine not set, can't load private key"); failf(data, "crypto engine not set, can't load private key");