Module Name: src Committed By: riz Date: Wed Jan 25 20:20:14 UTC 2012
Modified Files: src/crypto/dist/openssl/crypto/x509v3 [netbsd-5]: pcy_map.c pcy_tree.c Log Message: Apply patch (requested by drochner in ticket #1711): crypto/dist/openssl/crypto/x509v3/pcy_map.c patch crypto/dist/openssl/crypto/x509v3/pcy_tree.c patch Address CVE-2011-4109. [drochner, ticket #1711] To generate a diff of this commit: cvs rdiff -u -r1.1.1.1 -r1.1.1.1.26.1 \ src/crypto/dist/openssl/crypto/x509v3/pcy_map.c cvs rdiff -u -r1.1.1.4 -r1.1.1.4.4.1 \ src/crypto/dist/openssl/crypto/x509v3/pcy_tree.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files:
Index: src/crypto/dist/openssl/crypto/x509v3/pcy_map.c
diff -u src/crypto/dist/openssl/crypto/x509v3/pcy_map.c:1.1.1.1 src/crypto/dist/openssl/crypto/x509v3/pcy_map.c:1.1.1.1.26.1
--- src/crypto/dist/openssl/crypto/x509v3/pcy_map.c:1.1.1.1 Fri Nov 25 03:07:35 2005
+++ src/crypto/dist/openssl/crypto/x509v3/pcy_map.c Wed Jan 25 20:20:14 2012
@@ -70,8 +70,6 @@ static int ref_cmp(const X509_POLICY_REF
 static void policy_map_free(X509_POLICY_REF *map)
 {
- if (map->subjectDomainPolicy)
- ASN1_OBJECT_free(map->subjectDomainPolicy);
 OPENSSL_free(map);
 }
@@ -95,6 +93,7 @@ int policy_cache_set_mapping(X509 *x, PO
 {
 POLICY_MAPPING *map;
 X509_POLICY_REF *ref = NULL;
+ ASN1_OBJECT *subjectDomainPolicyRef;
 X509_POLICY_DATA *data;
 X509_POLICY_CACHE *cache = x->policy_cache;
 int i;
@@ -153,13 +152,16 @@ int policy_cache_set_mapping(X509 *x, PO
 if (!sk_ASN1_OBJECT_push(data->expected_policy_set, map->subjectDomainPolicy))
 goto bad_mapping;
+ /* map->subjectDomainPolicy will be freed when
+ * cache->data is freed. Set it to NULL to avoid double-free. */
+ subjectDomainPolicyRef = map->subjectDomainPolicy;
+ map->subjectDomainPolicy = NULL;
 ref = OPENSSL_malloc(sizeof(X509_POLICY_REF));
 if (!ref)
 goto bad_mapping;
- ref->subjectDomainPolicy = map->subjectDomainPolicy;
- map->subjectDomainPolicy = NULL;
+ ref->subjectDomainPolicy = subjectDomainPolicyRef;
 ref->data = data;
 if (!sk_X509_POLICY_REF_push(cache->maps, ref))
Index: src/crypto/dist/openssl/crypto/x509v3/pcy_tree.c
diff -u src/crypto/dist/openssl/crypto/x509v3/pcy_tree.c:1.1.1.4 src/crypto/dist/openssl/crypto/x509v3/pcy_tree.c:1.1.1.4.4.1
--- src/crypto/dist/openssl/crypto/x509v3/pcy_tree.c:1.1.1.4 Fri May 9 21:34:38 2008
+++ src/crypto/dist/openssl/crypto/x509v3/pcy_tree.c Wed Jan 25 20:20:14 2012
@@ -611,6 +611,10 @@ int X509_policy_check(X509_POLICY_TREE *
 return 1;
 /* Some internal error */
+ case -1:
+ return -1;
+
+ /* Some internal error */
 case 0:
 return 0;
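Review bot: In the `@@ -153,13 +152,16 @@` hunk of pcy_map.c, `ref->subjectDomainPolicy` becomes a non-owning alias of the object already pushed onto `data->expected_policy_set`, and nothing at the assignment says so; with the free removed from policy_map_free() in the first hunk, that invariant is what keeps the double free from coming back. I would add `/* borrowed: owned by data->expected_policy_set, never free through ref */` above `ref->subjectDomainPolicy = subjectDomainPolicyRef;`. The added comment says the object is freed with `cache->data`, while the visible push is onto `data->expected_policy_set`; naming that stack in the comment would make the ownership chain traceable. The `bad_mapping` label and the rest of policy_cache_set_mapping() are outside the hunk, so the cleanup path after a failed OPENSSL_malloc could not be checked from here.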
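Review bot: In the pcy_tree.c hunk the new `case -1:` carries the same `/* Some internal error */` comment as `case 0:`, so the switch in X509_policy_check() documents two distinct return values identically and a reader cannot tell why they are kept apart. The comment on the new case should say what -1 denotes; if it is the invalid-policy-extension result (the code that produces it is not in this hunk), something like `/* Invalid or inconsistent policy extensions */` would fit. Callers are not part of this diff, and any caller that tests only for a zero return would treat -1 as success, so it is worth confirming that each one rejects negative values. The switch begins and ends outside the hunk.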