On 21.04.14 04:56, Ted Unangst wrote:

> Also, can you include diffs inline please? One diff per email. Maybe
> just one or two emails to start, then try sending the rest after we
> see how that goes?

fix double free in d2i_ASN1_bytes by setting ret->data = NULL after
free, before potential goto err;

Index: a_bytes.c
===================================================================
RCS file: /cvs/src/lib/libssl/src/crypto/asn1/a_bytes.c,v
retrieving revision 1.10
diff -u -r1.10 a_bytes.c
--- a_bytes.c   17 Apr 2014 16:14:15 -0000      1.10
+++ a_bytes.c   21 Apr 2014 03:35:25 -0000
@@ -205,6 +205,7 @@
                        if ((ret->length < len) || (ret->data == NULL)) {
                                if (ret->data != NULL)
                                        free(ret->data);
+                               ret->data = NULL;
                                s = (unsigned char *)malloc((int)len + 1);
                                if (s == NULL) {
                                        i = ERR_R_MALLOC_FAILURE;
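
Review bot: with `ret->data = NULL;` placed after the `if (ret->data != NULL)` guard around `free(ret->data)`, the guard no longer adds anything, since free(NULL) is a no-op. The three lines can be reduced to `free(ret->data);` followed by `ret->data = NULL;`. Clearing the pointer before the `malloc` is the right place, because the `s == NULL` branch that follows is the failure path the commit message refers to. On that path `ret->length` still holds the old size while `ret->data` is NULL, so it is worth checking whether the length should be reset at the same point. A one-line comment saying the pointer is cleared because the error path may free it again would keep a later cleanup from removing the assignment.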
