artulab
projects / openbsd / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 498c7b5)
Avoid a potential double free in group_free()
authortb <tb@openbsd.org>
Mon, 13 Dec 2021 18:06:56 +0000 (18:06 +0000)
committertb <tb@openbsd.org>
Mon, 13 Dec 2021 18:06:56 +0000 (18:06 +0000)
In the unlikely event that EC_KEY_check_key() in ec_init() fails,
the group would be freed twice: once in ec_init(), and later in
group_free().

ok tobhe

sbin/iked/dh.c patch | blob | history

diff --git a/sbin/iked/dh.c b/sbin/iked/dh.c
index ff3126e..8c46e1b 100644 (file)
--- a/sbin/iked/dh.c
+++ b/sbin/iked/dh.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: dh.c,v 1.30 2021/11/29 06:43:42 deraadt Exp $ */
+/*     $OpenBSD: dh.c,v 1.31 2021/12/13 18:06:56 tb Exp $      */
 
 /*
  * Copyright (c) 2010-2014 Reyk Floeter <reyk@openbsd.org>
@@ -513,10 +513,8 @@ ec_init(struct dh_group *group)
                return (-1);
        if (!EC_KEY_generate_key(group->ec))
                return (-1);
-       if (!EC_KEY_check_key(group->ec)) {
-               EC_KEY_free(group->ec);
+       if (!EC_KEY_check_key(group->ec))
                return (-1);
-       }
        return (0);
 }
 
OpenBSD src
by Ahmet Artu Yildirim