artulab
projects / openbsd / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 54339fe) | patch
Fix double free after BIO_new_NDEF()
authortb <tb@openbsd.org>
Sat, 11 Mar 2023 15:50:13 +0000 (15:50 +0000)
committertb <tb@openbsd.org>
Sat, 11 Mar 2023 15:50:13 +0000 (15:50 +0000)
commitdc864e36544e7fb5a32516b7d178a6b4a86b70c6
treee1eb38f1082a623803a6195b05a63aa528b4d6adtree | snapshot
parent54339fe5b2356b1d99f7c91e10d2c804de525011commit | diff
Fix double free after BIO_new_NDEF()

Once the asn_bio is prepended to the out chain, and before the asn1_cb()
has done its thing, asn_bio needs to be popped off again on error. Failing
to do this can cause write after frees or double frees when the out BIO
is used after the function returned.

Based on a very complicated diff by Matt Caswell and Viktor Dukhovni.
This was part of the fixes in OpenSSL 1.1.1t.

ok jsing
lib/libcrypto/asn1/bio_ndef.c diff | blob | history
OpenBSD src
by Ahmet Artu Yildirim