[openssl-commits] [openssl] master update

Mon Oct 30 16:10:30 UTC 2017

The branch master has been updated
       via  f403feea11d1ea26fd5b7d9732361cfc3f9f91a9 (commit)
       via  85155346b3ca2dcdecf018dc8db9df94ceebeb0d (commit)
      from  23fa978994b52ac60c1fcbe1e094d65d7c78c7bb (commit)


- Log -----------------------------------------------------------------
commit f403feea11d1ea26fd5b7d9732361cfc3f9f91a9
Author: Benjamin Kaduk <bkaduk at akamai.com>
Date:   Fri Oct 27 09:54:14 2017 -0500

    Prevent NULL dereference in async clear-fd code
    
    If the list of fds contains only (one or more) entries marked
    as deleted prior to the entry currently being deleted, and the
    entry currently being deleted was only just added, the 'prev'
    pointer would never be updated from its initial NULL value, and
    we would dereference NULL while trying to remove the entry from
    the linked list.
    
    Reported by Coverity.
    
    Reviewed-by: Kurt Roeckx <kurt at roeckx.be>
    (Merged from https://github.com/openssl/openssl/pull/4602)

commit 85155346b3ca2dcdecf018dc8db9df94ceebeb0d
Author: Benjamin Kaduk <bkaduk at akamai.com>
Date:   Fri Oct 27 09:52:06 2017 -0500

    Fix memory leak in crltest error case
    
    This would cut out some distracting noise in the test output
    if we ended up hitting these error cases.
    
    Reported by Coverity.
    
    Reviewed-by: Kurt Roeckx <kurt at roeckx.be>
    (Merged from https://github.com/openssl/openssl/pull/4602)

-----------------------------------------------------------------------

Summary of changes:
 crypto/async/async_wait.c | 1 +
 test/crltest.c            | 2 ++
 2 files changed, 3 insertions(+)

diff --git a/crypto/async/async_wait.c b/crypto/async/async_wait.c
index e115985..a88c2db 100644
--- a/crypto/async/async_wait.c
+++ b/crypto/async/async_wait.c
@@ -145,6 +145,7 @@ int ASYNC_WAIT_CTX_clear_fd(ASYNC_WAIT_CTX *ctx, const void *key)
     while (curr != NULL) {
         if (curr->del == 1) {
             /* This one has been marked deleted already so do nothing */
+            prev = curr;
             curr = curr->next;
             continue;
         }
diff --git a/test/crltest.c b/test/crltest.c
index 5ea9cdc..738ca23 100644
--- a/test/crltest.c
+++ b/test/crltest.c
@@ -267,6 +267,7 @@ static int verify(X509 *leaf, X509 *root, STACK_OF(X509_CRL) *crls,
     if (flags)
         X509_VERIFY_PARAM_set_flags(param, flags);
     X509_STORE_CTX_set0_param(ctx, param);
+    param = NULL;
 
     ERR_clear_error();
     status = X509_verify_cert(ctx) == 1 ? X509_V_OK
@@ -274,6 +275,7 @@ static int verify(X509 *leaf, X509 *root, STACK_OF(X509_CRL) *crls,
 err:
     sk_X509_pop_free(roots, X509_free);
     sk_X509_CRL_pop_free(crls, X509_CRL_free);
+    X509_VERIFY_PARAM_free(param);
     X509_STORE_CTX_free(ctx);
     X509_STORE_free(store);
     return status;
