From da8f10881e3bb3b0ec5a7ad83962718f1d999d19 Mon Sep 17 00:00:00 2001 From: mancha Date: Tue, 22 Apr 2014 13:11:56 +0100 Subject: [PATCH] Fix double frees. Conflicts: CHANGES --- CHANGES | 3 +++ crypto/pkcs7/pk7_doit.c | 1 + crypto/ts/ts_rsp_verify.c | 1 + ssl/d1_srvr.c | 1 + 4 files changed, 6 insertions(+) diff --git a/CHANGES b/CHANGES index edea4a10b..b2d3d98e4 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,9 @@ Changes between 1.0.0l and 1.0.0m [xx XXX xxxx] + *) Fix some double frees. These are not thought to be exploitable. + [mancha ] + *) Fix for the attack described in the paper "Recovering OpenSSL ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack" by Yuval Yarom and Naomi Benger. Details can be obtained from: diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c index 2ec83ed20..0e361e7e7 100644 --- a/crypto/pkcs7/pk7_doit.c +++ b/crypto/pkcs7/pk7_doit.c @@ -922,6 +922,7 @@ int PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si) if (EVP_DigestSignUpdate(&mctx,abuf,alen) <= 0) goto err; OPENSSL_free(abuf); + abuf = NULL; if (EVP_DigestSignFinal(&mctx, NULL, &siglen) <= 0) goto err; abuf = OPENSSL_malloc(siglen); diff --git a/crypto/ts/ts_rsp_verify.c b/crypto/ts/ts_rsp_verify.c index e1f3b534a..30dab7b1b 100644 --- a/crypto/ts/ts_rsp_verify.c +++ b/crypto/ts/ts_rsp_verify.c @@ -626,6 +626,7 @@ static int TS_compute_imprint(BIO *data, TS_TST_INFO *tst_info, X509_ALGOR_free(*md_alg); OPENSSL_free(*imprint); *imprint_len = 0; + *imprint = NULL; return 0; } diff --git a/ssl/d1_srvr.c b/ssl/d1_srvr.c index 0c66d707a..b15970bf8 100644 --- a/ssl/d1_srvr.c +++ b/ssl/d1_srvr.c @@ -1197,6 +1197,7 @@ int dtls1_send_server_key_exchange(SSL *s) (unsigned char *)encodedPoint, encodedlen); OPENSSL_free(encodedPoint); + encodedPoint = NULL; p += encodedlen; } #endif