Hi, in version 1.0.2, in crypto/dsa/dsa/ameth.c, line 318 frees `prkey`, which may be freed again on line 332 if the call on line 320 fails.
318 ASN1_INTEGER_free(prkey); 319 320 if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_dsa), 0, 321 V_ASN1_SEQUENCE, params, dp, dplen)) 322 goto err; 323 324 return 1; 325 326 err: 327 if (dp != NULL) 328 OPENSSL_free(dp); 329 if (params != NULL) 330 ASN1_STRING_free(params); 331 if (prkey != NULL) 332 ASN1_INTEGER_free(prkey); -- Martin _______________________________________________ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
