[openssl-dev] [openssl.org #3774] Double free in dsa_priv_encode
Martin Vejnár via RT
rt at openssl.org
Tue Mar 31 04:19:30 UTC 2015
Hi,
in version 1.0.2, in crypto/dsa/dsa/ameth.c, line 318 frees `prkey`, which may be freed again on line 332 if the call on line 320 fails.
    318     ASN1_INTEGER_free(prkey);
    319
    320     if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_dsa), 0,
    321                          V_ASN1_SEQUENCE, params, dp, dplen))
    322         goto err;
    323
    324     return 1;
    325
    326  err:
    327     if (dp != NULL)
    328         OPENSSL_free(dp);
    329     if (params != NULL)
    330         ASN1_STRING_free(params);
    331     if (prkey != NULL)
    332         ASN1_INTEGER_free(prkey);
--
Martin
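
The control flow from the report, reduced to a model that can be run safely. This is an added example, not part of the original message and not OpenSSL code. `tracked_obj`, `tracked_free`, `set0_stub` and both `encode_*` functions are hypothetical stand-ins, and clearing the pointer after the free is one common remedy assumed here, not necessarily the fix OpenSSL applied.

```c
#include <stdio.h>

/* Constructed stand-in for ASN1_INTEGER: it records frees instead of
 * releasing memory, so a double free shows up as a count, not a crash. */
typedef struct { int frees; } tracked_obj;
static void tracked_free(tracked_obj *o) { if (o != NULL) o->frees++; }

/* Hypothetical stand-in for PKCS8_pkey_set0(); returns 0 on failure. */
static int set0_stub(int should_fail) { return should_fail ? 0 : 1; }

/* Same control flow as the lines quoted in the report. */
static int encode_as_reported(tracked_obj *prkey, int set0_fails)
{
    tracked_free(prkey);            /* line 318 */
    if (!set0_stub(set0_fails))     /* line 320 */
        goto err;
    return 1;
err:
    if (prkey != NULL)              /* line 331: stale pointer is still non-NULL */
        tracked_free(prkey);        /* line 332: second free of the same object */
    return 0;
}

/* Assumed remedy: clear the pointer when it is freed, so the shared
 * cleanup path skips it. */
static int encode_null_after_free(tracked_obj *prkey, int set0_fails)
{
    tracked_free(prkey);
    prkey = NULL;
    if (!set0_stub(set0_fails))
        goto err;
    return 1;
err:
    if (prkey != NULL)
        tracked_free(prkey);
    return 0;
}

/* Runs one variant on a fresh object and returns how often it was freed. */
static int count_frees(int (*encode)(tracked_obj *, int), int set0_fails)
{
    tracked_obj key = { 0 };
    encode(&key, set0_fails);
    return key.frees;
}

int main(void)
{
    printf("as reported: %d frees, pointer cleared: %d frees\n",
           count_frees(encode_as_reported, 1), count_frees(encode_null_after_free, 1));
    return 0;
}
```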