[levitte - Wed Jun 5 15:31:44 2002]:
> A little more analysis seems to indicate that X509_EXTENSION isn't > properly coded, since freeing it requires a dive into the > OCTET_STRING (or whatever that translates to) and free whatever > that's pointing to. > > The code in question is crypto/asn1/x_exten.c, and for comparison, > one might want to look at crypto/asn1/x_x509.c... > > I've assigned this ticket to Steve, since he's much more competent > on this type of stuff... > This is caused by the location field of AUTHORITY_INFO_ACCESS (the mem leak message is a hint) being preallocated in the new ASN1 code. As a result it should be freed before overwriting in in v2i_AUTHORITY_INFO_ACCESS. Steve. ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
