null a pointer to prevent double free. from Dirk Engling

author tedu <tedu@openbsd.org>

Tue, 22 Apr 2014 20:38:02 +0000 (20:38 +0000)

committer tedu <tedu@openbsd.org>

Tue, 22 Apr 2014 20:38:02 +0000 (20:38 +0000)
author tedu <tedu@openbsd.org>
Tue, 22 Apr 2014 20:38:02 +0000 (20:38 +0000)
committer tedu <tedu@openbsd.org>
Tue, 22 Apr 2014 20:38:02 +0000 (20:38 +0000)
diff --git a/lib/libcrypto/asn1/a_bytes.c b/lib/libcrypto/asn1/a_bytes.c

index 34ed7b7..6cc774e 100644 (file)
--- a/lib/libcrypto/asn1/a_bytes.c
+++ b/lib/libcrypto/asn1/a_bytes.c
@@ -205,6 +205,7 @@ d2i_ASN1_bytes(ASN1_STRING **a, const unsigned char **pp,
                         if ((ret->length < len) || (ret->data == NULL)) {
                                 if (ret->data != NULL)
                                         free(ret->data);
+                               ret->data = NULL;
                                 s = malloc(len + 1);
                                 if (s == NULL) {
                                         i = ERR_R_MALLOC_FAILURE;
diff --git a/lib/libssl/src/crypto/asn1/a_bytes.c b/lib/libssl/src/crypto/asn1/a_bytes.c

index 34ed7b7..6cc774e 100644 (file)
--- a/lib/libssl/src/crypto/asn1/a_bytes.c
+++ b/lib/libssl/src/crypto/asn1/a_bytes.c
@@ -205,6 +205,7 @@ d2i_ASN1_bytes(ASN1_STRING **a, const unsigned char **pp,
                         if ((ret->length < len) || (ret->data == NULL)) {
                                 if (ret->data != NULL)
                                         free(ret->data);
+                               ret->data = NULL;
                                 s = malloc(len + 1);
                                 if (s == NULL) {
                                         i = ERR_R_MALLOC_FAILURE;
author	tedu <tedu@openbsd.org>
	Tue, 22 Apr 2014 20:38:02 +0000 (20:38 +0000)
committer	tedu <tedu@openbsd.org>
	Tue, 22 Apr 2014 20:38:02 +0000 (20:38 +0000)
lib/libcrypto/asn1/a_bytes.c		patch \| blob \| history
lib/libssl/src/crypto/asn1/a_bytes.c		patch \| blob \| history