projects
/
openssl.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
| inline |
side by side
(parent:
b1d7eaa
)
Fix a double free in tls1_setup_key_block
author
Matt Caswell
<matt@openssl.org>
Thu, 5 May 2016 08:35:10 +0000
(09:35 +0100)
committer
Matt Caswell
<matt@openssl.org>
Thu, 19 May 2016 19:55:55 +0000
(20:55 +0100)
If p2 == NULL then p1 can get freed twice and a crash could occur.
Issue reported by Shi Lei (Qihoo 360 Inc)
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
ssl/t1_enc.c
patch
|
blob
|
history
diff --git
a/ssl/t1_enc.c
b/ssl/t1_enc.c
index 514fcb3e4e74c4ae3a8c84b9db7eb06c8d116c71..b6d1ee95a5212b3f11f433c5a02a541b5c2074db 100644
(file)
--- a/
ssl/t1_enc.c
+++ b/
ssl/t1_enc.c
@@
-673,7
+673,6
@@
int tls1_setup_key_block(SSL *s)
if ((p2 = (unsigned char *)OPENSSL_malloc(num)) == NULL) {
SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK, ERR_R_MALLOC_FAILURE);
- OPENSSL_free(p1);
goto err;
}
#ifdef TLS_DEBUG
projects / openssl.git / commitdiff