[openssl-commits] [openssl] master update
Matt Caswell
matt at openssl.org
Fri May 27 16:21:30 UTC 2016
The branch master has been updated
via 4379d5ce782d4cc83840db7b7b66e18d325dfd3e (commit)
from 230c691a5218f355a63ff12cd72ce99178378c64 (commit)
- Log -----------------------------------------------------------------
commit 4379d5ce782d4cc83840db7b7b66e18d325dfd3e
Author: Todd Short <tshort at akamai.com>
Date: Wed May 25 20:56:48 2016 -0400
Fix ssl_cert_set0_chain invalid pointer
When setting the certificate chain, if a certificate doesn't pass
security checks, then chain may point to a freed STACK_OF(X509)
Reviewed-by: Rich Salz <rsalz at openssl.org>
Reviewed-by: Matt Caswell <matt at openssl.org>
-----------------------------------------------------------------------
Summary of changes:
ssl/ssl_cert.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
index 7481705..d668afa 100644
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
@@ -267,7 +267,6 @@ int ssl_cert_set0_chain(SSL *s, SSL_CTX *ctx, STACK_OF(X509) *chain)
CERT_PKEY *cpk = s ? s->cert->key : ctx->cert->key;
if (!cpk)
return 0;
- sk_X509_pop_free(cpk->chain, X509_free);
for (i = 0; i < sk_X509_num(chain); i++) {
r = ssl_security_cert(s, ctx, sk_X509_value(chain, i), 0, 0);
if (r != 1) {
@@ -275,6 +274,7 @@ int ssl_cert_set0_chain(SSL *s, SSL_CTX *ctx, STACK_OF(X509) *chain)
return 0;
}
}
+ sk_X509_pop_free(cpk->chain, X509_free);
cpk->chain = chain;
return 1;
}
More information about the openssl-commits
mailing list