generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Fix a failure to NULL a pointer freed on error.

Browse Source 
Inspired by BoringSSL commit 517073cd4b by Eric Roman <eroman@chromium.org>

CVE-2015-0209

Reviewed-by: Emilia Käsper <emilia@openssl.org>
This commit is contained in:
Matt Caswell 2015-02-09 11:38:41 +00:00
parent 08a2df480d
commit 89117535f1
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
crypto/ec/ec_asn1.c
View File

@ -1033,8 +1033,6 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len)
ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_MALLOC_FAILURE); ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_MALLOC_FAILURE);
goto err; goto err;
} }
if (a)
*a = ret;
} else } else
ret = *a; ret = *a;
@ -1102,10 +1100,12 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len)
ret->enc_flag |= EC_PKEY_NO_PUBKEY; ret->enc_flag |= EC_PKEY_NO_PUBKEY;
} }
if (a)
*a = ret;
ok = 1; ok = 1;
err: err:
if (!ok) { if (!ok) {
if (ret) if (ret && (a == NULL || *a != ret))
EC_KEY_free(ret); EC_KEY_free(ret);
ret = NULL; ret = NULL;
} }