There is a bug in the implementation of d2i_PrivateKey in crypto/asn1/d2i_pr.c. If the function is called with *a != NULL and returns NULL, the value of *a is not changed, but the EVP_PKEY it refers to might have been freed or not depending on whether line 100 was reached or not. If the caller makes the wrong guess this can result in a crash due to a double free or in a memory leak.
Best regards Harry Reimann -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4527 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
