Fix bug which would free up a public key
authorDr. Stephen Henson <steve@openssl.org>
Thu, 2 Mar 2000 00:37:53 +0000 (00:37 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Thu, 2 Mar 2000 00:37:53 +0000 (00:37 +0000)
twice if the verify callback tried to
continue after a signature failure.

crypto/x509/x509_vfy.c

index 4fdff54..8563f65 100644 (file)
@@ -436,11 +436,14 @@ static int internal_verify(X509_STORE_CTX *ctx)
                                }
                        if (X509_verify(xs,pkey) <= 0)
                                {
-                               EVP_PKEY_free(pkey);
                                ctx->error=X509_V_ERR_CERT_SIGNATURE_FAILURE;
                                ctx->current_cert=xs;
                                ok=(*cb)(0,ctx);
-                               if (!ok) goto end;
+                               if (!ok)
+                                       {
+                                       EVP_PKEY_free(pkey);
+                                       goto end;
+                                       }
                                }
                        EVP_PKEY_free(pkey);
                        pkey=NULL;