The branch master has been updated via 66ddc0759a435672f1c48b856a0968e7f6e35a82 (commit) via b1423d04cdcad9dbbe2da6e4751f0895112cc977 (commit) from 9a633a1c97e387157560641c4f7043efe52dba6b (commit)
- Log ----------------------------------------------------------------- commit 66ddc0759a435672f1c48b856a0968e7f6e35a82 Author: Pauli <pa...@openssl.org> Date: Wed May 12 14:22:52 2021 +1000 x509: fix a dangling pointer If object was pointer was passed and an error occured the object was freed & the pointer returned. Fix this to NULL out the caller's pointer before returning. Fixes #15115 Reviewed-by: Richard Levitte <levi...@openssl.org> Reviewed-by: Tomas Mraz <to...@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15238) commit b1423d04cdcad9dbbe2da6e4751f0895112cc977 Author: Pauli <pa...@openssl.org> Date: Wed May 12 14:10:49 2021 +1000 e_loader_attic: fix a use after free issue Fixes #15116 Reviewed-by: Richard Levitte <levi...@openssl.org> Reviewed-by: Tomas Mraz <to...@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15238) ----------------------------------------------------------------------- Summary of changes: crypto/x509/x_x509.c | 4 +++- engines/e_loader_attic.c | 2 +- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/crypto/x509/x_x509.c b/crypto/x509/x_x509.c index 529d701bbb..7959ee223f 100644 --- a/crypto/x509/x_x509.c +++ b/crypto/x509/x_x509.c @@ -131,8 +131,10 @@ X509 *d2i_X509(X509 **a, const unsigned char **in, long len) /* Only cache the extensions if the cert object was passed in */ if (cert != NULL && a != NULL) { /* then cert == *a */ if (!ossl_x509v3_cache_extensions(cert)) { - if (free_on_error) + if (free_on_error) { + *a = NULL; X509_free(cert); + } cert = NULL; } } diff --git a/engines/e_loader_attic.c b/engines/e_loader_attic.c index 802b3d9067..4cb98280a5 100644 --- a/engines/e_loader_attic.c +++ b/engines/e_loader_attic.c @@ -199,6 +199,7 @@ static OSSL_STORE_INFO *new_EMBEDDED(const char *new_pem_name, return NULL; } + data->blob = embedded; data->pem_name = new_pem_name == NULL ? NULL : OPENSSL_strdup(new_pem_name); @@ -207,7 +208,6 @@ static OSSL_STORE_INFO *new_EMBEDDED(const char *new_pem_name, store_info_free(info); info = NULL; } - data->blob = embedded; return info; }