[openssl/openssl] 928893: Fix a possible use-after-free in custom_exts_free
Bernd Edlinger
noreply at github.com
Wed Nov 22 08:38:14 UTC 2023
Branch: refs/heads/openssl-3.0
Home: https://github.com/openssl/openssl
Commit: 92889328fbbb2344339f7c90afc449f6eb9b11a6
https://github.com/openssl/openssl/commit/92889328fbbb2344339f7c90afc449f6eb9b11a6
Author: Bernd Edlinger <bernd.edlinger at hotmail.de>
Date: 2023-11-22 (Wed, 22 Nov 2023)
Changed paths:
M ssl/statem/extensions_cust.c
Log Message:
-----------
Fix a possible use-after-free in custom_exts_free
This may happen when ssl_cert_dup calls custom_exts_copy, where
a possible memory allocation error causes custom_exts_free
to be called twice: once in the error handling of custom_exts_copy
and a second time in the error handling of ssl_cert_dup.
Reviewed-by: Matt Caswell <matt at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Richard Levitte <levitte at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22772)
(cherry picked from commit bc0773bbbd4d3ace6957385f1f22a5cda25dc94f)
More information about the openssl-commits
mailing list