CVSROOT: /cvs Module name: src Changes by: t...@cvs.openbsd.org 2021/05/01 07:13:45
Modified files: lib/libcrypto/ts: ts_rsp_verify.c Log message: Prevent double free in int_TS_RESP_verify_token If TS_compute_imprint fails after md_alg was allocated, there will be a double free in its caller. Obvious fix is to null out the output parameter md_alg just like it's already done for imprint and imprint_len. >From Pauli Dale, OpenSSL 1.1.1, a3dea76f742896b7d75a0c0529c0af1e628bd853 ok inoguchi jsing