[openssl-commits] [openssl] OpenSSL_1_0_0-stable update

Matt Caswell matt at openssl.org
Wed Feb 25 20:42:20 UTC 2015


The branch OpenSSL_1_0_0-stable has been updated
       via  dac693c957dc40dbf839f0add91b824deba26dc3 (commit)
      from  6e161ee39ede0686dc6ae9af115bf1c132f05db0 (commit)


- Log -----------------------------------------------------------------
commit dac693c957dc40dbf839f0add91b824deba26dc3
Author: Matt Caswell <matt at openssl.org>
Date:   Mon Feb 9 11:38:41 2015 +0000

    Fix a failure to NULL a pointer freed on error.
    
    Inspired by BoringSSL commit 517073cd4b by Eric Roman <eroman at chromium.org>
    
    CVE-2015-0209
    
    Reviewed-by: Emilia Käsper <emilia at openssl.org>

-----------------------------------------------------------------------

Summary of changes:
 crypto/ec/ec_asn1.c |    6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c
index f16842b..6907436 100644
--- a/crypto/ec/ec_asn1.c
+++ b/crypto/ec/ec_asn1.c
@@ -1014,8 +1014,6 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len)
             ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_MALLOC_FAILURE);
             goto err;
         }
-        if (a)
-            *a = ret;
     } else
         ret = *a;
 
@@ -1083,10 +1081,12 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len)
         ret->enc_flag |= EC_PKEY_NO_PUBKEY;
     }
 
+    if (a)
+        *a = ret;
     ok = 1;
  err:
     if (!ok) {
-        if (ret)
+        if (ret && (a == NULL || *a != ret))
             EC_KEY_free(ret);
         ret = NULL;
     }


More information about the openssl-commits mailing list