[openssl] openssl-3.0 update
tomas at openssl.org
tomas at openssl.org
Mon Oct 25 09:43:39 UTC 2021
The branch openssl-3.0 has been updated
via ea7a9084e4cb081240fab6fb4f2374b538dc14ec (commit)
from dd9add06e794ba5f54c68d0d98ea90b6ff3140f6 (commit)
- Log -----------------------------------------------------------------
commit ea7a9084e4cb081240fab6fb4f2374b538dc14ec
Author: Tomas Mraz <tomas at openssl.org>
Date: Fri Oct 22 09:38:18 2021 +0200
OCSP_sendreq_bio: Avoid doublefree of mem BIO
Reviewed-by: David von Oheimb <david.von.oheimb at siemens.com>
(Merged from https://github.com/openssl/openssl/pull/16886)
(cherry picked from commit f99b34957f4173f68d6f19d0d9fac37d797b7e0c)
-----------------------------------------------------------------------
Summary of changes:
crypto/ocsp/ocsp_http.c | 8 +++-----
1 file changed, 3 insertions(+), 5 deletions(-)
diff --git a/crypto/ocsp/ocsp_http.c b/crypto/ocsp/ocsp_http.c
index 28166d3a17..e8b6406d3c 100644
--- a/crypto/ocsp/ocsp_http.c
+++ b/crypto/ocsp/ocsp_http.c
@@ -58,13 +58,11 @@ OCSP_RESPONSE *OCSP_sendreq_bio(BIO *b, const char *path, OCSP_REQUEST *req)
if (ctx == NULL)
return NULL;
mem = OSSL_HTTP_REQ_CTX_exchange(ctx);
- resp = (OCSP_RESPONSE *)
- ASN1_item_d2i_bio(ASN1_ITEM_rptr(OCSP_RESPONSE), mem, NULL);
- BIO_free(mem);
+ /* ASN1_item_d2i_bio handles NULL bio gracefully */
+ resp = (OCSP_RESPONSE *)ASN1_item_d2i_bio(ASN1_ITEM_rptr(OCSP_RESPONSE),
+ mem, NULL);
- /* this indirectly calls ERR_clear_error(): */
OSSL_HTTP_REQ_CTX_free(ctx);
-
return resp;
}
#endif /* !defined(OPENSSL_NO_OCSP) */
More information about the openssl-commits
mailing list