[openssl-dev] [openssl.org #4446] [openssl 1.1.0] Memory handling inside ASN1_item_sign_ctx()

Schüller Felix via RT rt at openssl.org
Fri Mar 18 12:59:23 UTC 2016


Hello,

I discovered an unexpected behavior of ASN1_item_sign_ctx(). This function frees the given EVP_MD_CTX, which is not documented
(except in apps/req.c ...). This behavior induces a high risk of double-freeing the EVP_MD_CTX or of memory leaks (you have to check
the return value of 'X509.*_sign_ctx()' and decide whether to free the EVP_MD_CTX or not).

The attached diff (created for 1.1.0-pre4) changes the behavior of ASN1_item_sign_ctx()
to the expected one and applies the needed simplifications in apps/req.c.

Kind regards

  Felix Schüller


-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4446
Please log in as guest with password guest if prompted

-------------- next part --------------
A non-text attachment was scrubbed...
Name: openssl-asn1.diff
Type: application/octet-stream
Size: 2845 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20160318/d8d28621/attachment.obj>
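
The ownership hazard reported above, as an added example that is not part of the original message, the attached diff, or OpenSSL's code. It is a self-contained model: `md_ctx`, `sign_consuming`, `sign_borrowing` and `run` are hypothetical stand-ins, and the early return that skips the cleanup is an assumption of the model, not a statement about ASN1_item_sign_ctx().

```c
#include <stdio.h>

/* Stand-in for EVP_MD_CTX. A flag replaces real heap memory so a second
 * release can be counted instead of corrupting the allocator. */
typedef struct { int live; } md_ctx;
struct tally { int double_frees, leaks; };

static md_ctx slot;
static int double_frees;

static md_ctx *ctx_new(void) { slot.live = 1; return &slot; }
static void ctx_free(md_ctx *c) { if (!c->live) double_frees++; c->live = 0; }

/* Model of a callee that releases the caller's context. Assumption of this
 * model: an early argument check returns before the cleanup is reached. */
static int sign_consuming(md_ctx *c, int bad_args, int sign_fails) {
    if (bad_args) return 0;          /* context is still live */
    ctx_free(c);                     /* cleanup on success and on failure */
    return sign_fails ? 0 : 64;      /* 0 = error, else signature length */
}

/* Model of a callee that only borrows the context. */
static int sign_borrowing(md_ctx *c, int bad_args, int sign_fails) {
    (void)c;
    return (bad_args || sign_fails) ? 0 : 64;
}

typedef int (*sign_fn)(md_ctx *, int, int);

/* Drive success, bad arguments and signing failure under one caller policy. */
static struct tally run(sign_fn sign, int caller_frees) {
    static const int outcome[3][2] = { {0, 0}, {1, 0}, {0, 1} };
    struct tally t = { 0, 0 };
    for (int i = 0; i < 3; i++) {
        md_ctx *c = ctx_new();
        double_frees = 0;
        sign(c, outcome[i][0], outcome[i][1]);
        if (caller_frees) ctx_free(c);   /* caller policy under test */
        t.double_frees += double_frees;
        t.leaks += c->live;              /* still live here = leaked */
    }
    return t;
}

int main(void) {
    struct tally a = run(sign_consuming, 1), b = run(sign_consuming, 0),
                 d = run(sign_borrowing, 1);
    printf("consuming, caller frees: %d double frees, %d leaks\n", a.double_frees, a.leaks);
    printf("consuming, caller skips: %d double frees, %d leaks\n", b.double_frees, b.leaks);
    printf("borrowing, caller frees: %d double frees, %d leaks\n", d.double_frees, d.leaks);
    return 0;
}
```

With a consuming callee neither fixed caller policy is clean across all three outcomes; with a borrowing callee the caller can free unconditionally.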