[openssl-commits] [openssl] master update

Richard Levitte levitte at openssl.org
Sun Jan 29 14:33:13 UTC 2017


The branch master has been updated
       via  d85d3c993e322d3e4c3f00be2910faa8c55b40e3 (commit)
      from  31b69e9a26c5b127ce273bc5834b9e13e5e25556 (commit)


- Log -----------------------------------------------------------------
commit d85d3c993e322d3e4c3f00be2910faa8c55b40e3
Author: Richard Levitte <levitte at openssl.org>
Date:   Sun Jan 29 08:52:02 2017 +0100

    Fix faulty free
    
    On error, i2o_SCT_signature() and i2o_SCT() free a pointer that may
    have wandered off from the start of the allocated block (not currently
    true for i2o_SCT_signature(), but has that potential as the code may
    change.  To avoid this, save away the start of the allocated block and
    free that instead.
    
    Thanks to Guido Vranken for reporting this issue.
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/2323)

-----------------------------------------------------------------------

Summary of changes:
 crypto/ct/ct_oct.c | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/crypto/ct/ct_oct.c b/crypto/ct/ct_oct.c
index d3edd39..0dd691c 100644
--- a/crypto/ct/ct_oct.c
+++ b/crypto/ct/ct_oct.c
@@ -153,7 +153,7 @@ err:
 int i2o_SCT_signature(const SCT *sct, unsigned char **out)
 {
     size_t len;
-    unsigned char *p = NULL;
+    unsigned char *p = NULL, *pstart = NULL;
 
     if (!SCT_signature_is_complete(sct)) {
         CTerr(CT_F_I2O_SCT_SIGNATURE, CT_R_SCT_INVALID_SIGNATURE);
@@ -177,7 +177,7 @@ int i2o_SCT_signature(const SCT *sct, unsigned char **out)
             p = *out;
             *out += len;
         } else {
-            p = OPENSSL_malloc(len);
+            pstart = p = OPENSSL_malloc(len);
             if (p == NULL) {
                 CTerr(CT_F_I2O_SCT_SIGNATURE, ERR_R_MALLOC_FAILURE);
                 goto err;
@@ -193,14 +193,14 @@ int i2o_SCT_signature(const SCT *sct, unsigned char **out)
 
     return len;
 err:
-    OPENSSL_free(p);
+    OPENSSL_free(pstart);
     return -1;
 }
 
 int i2o_SCT(const SCT *sct, unsigned char **out)
 {
     size_t len;
-    unsigned char *p = NULL;
+    unsigned char *p = NULL, *pstart = NULL;
 
     if (!SCT_is_complete(sct)) {
         CTerr(CT_F_I2O_SCT, CT_R_SCT_NOT_SET);
@@ -224,7 +224,7 @@ int i2o_SCT(const SCT *sct, unsigned char **out)
         p = *out;
         *out += len;
     } else {
-        p = OPENSSL_malloc(len);
+        pstart = p = OPENSSL_malloc(len);
         if (p == NULL) {
             CTerr(CT_F_I2O_SCT, ERR_R_MALLOC_FAILURE);
             goto err;
@@ -250,7 +250,7 @@ int i2o_SCT(const SCT *sct, unsigned char **out)
 
     return len;
 err:
-    OPENSSL_free(p);
+    OPENSSL_free(pstart);
     return -1;
 }
 


More information about the openssl-commits mailing list