[openssl/openssl] 90e67e: Fix freshly introduced double-free.
openssl-machine
noreply at github.com
Wed Nov 29 09:41:08 UTC 2023
Branch: refs/heads/openssl-3.2
Home: https://github.com/openssl/openssl
Commit: 90e67e726f76ad378a514518b0c3b5256d67abfa
https://github.com/openssl/openssl/commit/90e67e726f76ad378a514518b0c3b5256d67abfa
Author: Viktor Dukhovni <openssl-users at dukhovni.org>
Date: 2023-11-29 (Wed, 29 Nov 2023)
Changed paths:
M ssl/ssl_lib.c
M test/danetest.in
Log Message:
-----------
Fix freshly introduced double-free.
We don't need the decoded X.509 Full(0) certificate for the EE usages 1 and 3,
because the leaf certificate is always part of the presented chain, so the
certificate is only validated as well-formed, and then discarded, but the
TLSA record is of course still used after the validation step.
Added DANE test cases for: 3 0 0, 3 1 0, 1 0 0, and 1 1 0
Reported by Claus Assmann.
Reviewed-by: Hugo Landau <hlandau at openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger at hotmail.de>
Reviewed-by: Richard Levitte <levitte at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22821)
(cherry picked from commit f636e7e6bd8e06c6d84e42729b4131b4f5df488f)
More information about the openssl-commits
mailing list