[openssl] OpenSSL_1_1_1-stable update

Dr. Paul Dale pauli at openssl.org
Tue Apr 20 23:21:39 UTC 2021

The branch OpenSSL_1_1_1-stable has been updated
       via  e41290cfc007b833b393864cf12e0d8d815b7081 (commit)
      from  a3dea76f742896b7d75a0c0529c0af1e628bd853 (commit)

- Log -----------------------------------------------------------------
commit e41290cfc007b833b393864cf12e0d8d815b7081
Author: Pauli <pauli at openssl.org>
Date:   Mon Apr 19 08:57:18 2021 +1000

    engine: fix double free on error path.
    In function try_decode_PKCS8Encrypted, p8 is freed via X509_SIG_free() at line 481.
    If function new_EMBEDDED() returns a null pointer at line 483, the execution will goto nop8.
    In the nop8 branch, p8 is freed again at line 491.
    Bug reported by @Yunlongs
    Fixes #14915
    Reviewed-by: Tomas Mraz <tomas at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/14921)
    (cherry picked from commit efe8d69daa1a68be0a7f0f73220947c848e7ed1d)


Summary of changes:
 crypto/store/loader_file.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/crypto/store/loader_file.c b/crypto/store/loader_file.c
index 9c9e3bd085..258f71afec 100644
--- a/crypto/store/loader_file.c
+++ b/crypto/store/loader_file.c
@@ -370,6 +370,7 @@ static OSSL_STORE_INFO *try_decode_PKCS8Encrypted(const char *pem_name,
     mem->data = (char *)new_data;
     mem->max = mem->length = (size_t)new_data_len;
+    p8 = NULL;
     store_info = ossl_store_info_new_EMBEDDED(PEM_STRING_PKCS8INF, mem);
     if (store_info == NULL) {

More information about the openssl-commits mailing list