[openssl-dev] [openssl.org #4527] Bug in d2i_PrivateKey (openssl-1.1.0-pre5)

Harry Reimann via RT rt at openssl.org
Mon May 2 12:33:25 UTC 2016


There is a bug in the implementation of d2i_PrivateKey in 
crypto/asn1/d2i_pr.c.
If the function is called with *a != NULL and returns NULL, the value of 
*a is not changed, but the EVP_PKEY it refers to might or might not have 
been freed, depending on whether line 100 was reached. If the caller makes 
the wrong guess, this can result in a crash due to a double free or in a 
memory leak.

Best regards
Harry Reimann


-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4527
Please log in as guest with password guest if prompted
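
An added illustration of the ownership hazard described in the report (not part of the original message and not OpenSSL code): the toy decoder `toy_d2i` models a reuse-style call that may or may not have freed `*a` by the time it fails, and `replace_key` shows a caller pattern that never has to guess. All names and the two-byte input format are constructed for this example.

```c
#include <stdio.h>
#include <stdlib.h>

/* Toy stand-in for EVP_PKEY; live_keys counts outstanding allocations. */
typedef struct { int type; } toy_key;
static int live_keys = 0;

static toy_key *key_new(int type)
{
    toy_key *k = malloc(sizeof *k);
    if (k != NULL) { k->type = type; live_keys++; }
    return k;
}

static void key_free(toy_key *k) { if (k != NULL) { live_keys--; free(k); } }

/* Hypothetical decoder modelling the reported contract (not OpenSSL code):
 * on failure *a is unchanged, but the old object may already be freed.
 * Constructed input: in[0] = key type (0 is invalid), in[1] must be 0xAA. */
static toy_key *toy_d2i(toy_key **a, const unsigned char *in, size_t len)
{
    toy_key *ret;
    if (len < 2 || in[0] == 0) return NULL;     /* early failure: *a still allocated */
    if (a != NULL && *a != NULL) key_free(*a);  /* old object released here */
    if (in[1] != 0xAA) return NULL;             /* late failure: *a now dangles */
    ret = key_new(in[0]);
    if (ret != NULL && a != NULL) *a = ret;
    return ret;
}

/* Defensive caller: decode into a fresh object and swap only on success,
 * so *slot is valid and owned by the caller on every return path. */
static int replace_key(toy_key **slot, const unsigned char *in, size_t len)
{
    toy_key *fresh = toy_d2i(NULL, in, len);
    if (fresh == NULL) return 0;
    key_free(*slot);
    *slot = fresh;
    return 1;
}

int main(void)
{
    const unsigned char late[] = { 2, 0x00 };   /* constructed: fails after the free point */
    toy_key *k = key_new(1);
    int ok = (k != NULL) && replace_key(&k, late, sizeof late);
    printf("replaced=%d live=%d\n", ok, live_keys);
    key_free(k);
    return 0;
}
```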


