Hi, This patch fixes a potential double-free in PKCS12_parse() when the ca parameter is not NULL and sk_X509_push() fails, likely under memory pressure. In this case, *cert is freed two times instead of freeing *cert then x.
This patch has been generated against OpenSSL 1.0.0g but applies cleanly against 1.0.1-beta3. Regards, Remi Gacogne
Hi,
This patch fixes a potential double-free in PKCS12_parse() when the ca parameter is not NULL and sk_X509_push() fails, likely under memory pressure. In this case, *cert is freed two times instead of freeing *cert then x.
This patch has been generated against OpenSSL 1.0.0g but applies cleanly against 1.0.1-beta3.
Regards,
Remi Gacogne
|
--- openssl-1.0.0g-orig/crypto/pkcs12/p12_kiss.c 2009-04-04 15:39:48.000000000 +0200 +++ openssl-1.0.0g/crypto/pkcs12/p12_kiss.c 2012-02-26 18:08:08.769994161 +0100 @@ -167,7 +167,7 @@ if (cert && *cert) X509_free(*cert); if (x) - X509_free(*cert); + X509_free(x); if (ocerts) sk_X509_pop_free(ocerts, X509_free); return 0;