CVSROOT: /cvs
Module name: src
Changes by: r...@cvs.openbsd.org 2014/05/20 08:21:46
Modified files:
usr.sbin/smtpd : ssl.c ssl.h
Log message:
Deep down inside OpenSSL, err... LibreSSL, RSA_set_ex_data attempts to
free() the external data when releasing the RSA object. The
RSA_GET_EX_NEW_INDEX(3) manual page doesn't mention that this is the
default behaviour - it just describes the possible free_func()
callback - and the code path in libcrypto is hiding the fact behind
layers of abstraction.
Fix possible double free by allocating and copying the external data
reference that is used for RSA privsep (pkiname in smtpd's case).
ok eric@ gilles@
