CVSROOT: /cvs Module name: src Changes by: t...@cvs.openbsd.org 2021/05/01 07:13:45
Modified files:
lib/libcrypto/ts: ts_rsp_verify.c
Log message:
Prevent double free in int_TS_RESP_verify_token
If TS_compute_imprint fails after md_alg was allocated, there will be a
double free in its caller. Obvious fix is to null out the output
parameter md_alg just like it's already done for imprint and imprint_len.
>From Pauli Dale, OpenSSL 1.1.1, a3dea76f742896b7d75a0c0529c0af1e628bd853
ok inoguchi jsing
