[openssl-commits] [openssl] master update
Matt Caswell
matt at openssl.org
Wed Feb 21 12:26:16 UTC 2018
The branch master has been updated
via 59053968e756e9063c512fba59717c32621e3f1a (commit)
via abcf241114c4dc33af95288ae7f7d10916c67db0 (commit)
from 8db7946ee879ce483f4c81141926e1357aa6b941 (commit)
- Log -----------------------------------------------------------------
commit 59053968e756e9063c512fba59717c32621e3f1a
Author: Pavel Kopyl <p.kopyl at samsung.com>
Date: Fri Nov 3 22:18:35 2017 +0300
do_body: fix heap-use-after-free.
The memory pointed to by the 'push' is freed by the
X509_NAME_ENTRY_free() in do_body(). The second time
it is referenced to (indirectly) in certify_cert:X509_REQ_free().
Reviewed-by: Rich Salz <rsalz at openssl.org>
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4698)
commit abcf241114c4dc33af95288ae7f7d10916c67db0
Author: Pavel Kopyl <p.kopyl at samsung.com>
Date: Tue Nov 7 15:28:18 2017 +0300
X509V3_EXT_add_nconf_sk, X509v3_add_ext: fix errors handling
X509v3_add_ext: free 'sk' if the memory pointed to by it
was malloc-ed inside this function.
X509V3_EXT_add_nconf_sk: return an error if X509v3_add_ext() fails.
This prevents use of a freed memory in do_body:sk_X509_EXTENSION_num().
Reviewed-by: Rich Salz <rsalz at openssl.org>
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4698)
-----------------------------------------------------------------------
Summary of changes:
apps/ca.c | 1 -
crypto/x509/x509_v3.c | 3 ++-
crypto/x509v3/v3_conf.c | 8 ++++++--
3 files changed, 8 insertions(+), 4 deletions(-)
diff --git a/apps/ca.c b/apps/ca.c
index 26c0778..2819fea 100644
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -1556,7 +1556,6 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
if (push != NULL) {
if (!X509_NAME_add_entry(subject, push, -1, 0)) {
- X509_NAME_ENTRY_free(push);
BIO_printf(bio_err, "Memory allocation failure\n");
goto end;
}
diff --git a/crypto/x509/x509_v3.c b/crypto/x509/x509_v3.c
index a09b0ce..b439030 100644
--- a/crypto/x509/x509_v3.c
+++ b/crypto/x509/x509_v3.c
@@ -128,7 +128,8 @@ STACK_OF(X509_EXTENSION) *X509v3_add_ext(STACK_OF(X509_EXTENSION) **x,
X509err(X509_F_X509V3_ADD_EXT, ERR_R_MALLOC_FAILURE);
err2:
X509_EXTENSION_free(new_ex);
- sk_X509_EXTENSION_free(sk);
+ if (x != NULL && *x == NULL)
+ sk_X509_EXTENSION_free(sk);
return NULL;
}
diff --git a/crypto/x509v3/v3_conf.c b/crypto/x509v3/v3_conf.c
index 711ff02..59caa31 100644
--- a/crypto/x509v3/v3_conf.c
+++ b/crypto/x509v3/v3_conf.c
@@ -313,8 +313,12 @@ int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, const char *section,
return 0;
if (ctx->flags == X509V3_CTX_REPLACE)
delete_ext(*sk, ext);
- if (sk)
- X509v3_add_ext(sk, ext, -1);
+ if (sk != NULL) {
+ if (X509v3_add_ext(sk, ext, -1) == NULL) {
+ X509_EXTENSION_free(ext);
+ return 0;
+ }
+ }
X509_EXTENSION_free(ext);
}
return 1;
More information about the openssl-commits
mailing list