Fix a UAF resulting from a bug in BIO_new_NDEF
author Matt Caswell <matt@openssl.org>
Wed, 14 Dec 2022 16:18:14 +0000 (16:18 +0000)
committer Tomas Mraz <tomas@openssl.org>
Fri, 3 Feb 2023 11:38:44 +0000 (12:38 +0100)
commit 8818064ce3c3c0f1b740a5aaba2a987e75bfbafd
tree 37884f6ff6569e336e9e465cb7f003b124d72af8
parent cbafa34b5a057794c5c08cd4657038e1f643c1ac
Fix a UAF resulting from a bug in BIO_new_NDEF

If the aux->asn1_cb() call fails in BIO_new_NDEF then the "out" BIO will
be part of an invalid BIO chain. This causes a "use after free" when the
BIO is eventually freed.

Based on an original patch by Viktor Dukhovni and an idea from Theo
Buehler.

Thanks to Octavio Galland for reporting this issue.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
crypto/asn1/bio_ndef.c
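
The failure mode the commit message describes, as a simplified model added here (not OpenSSL code and not the patch itself). It assumes the constructor links a new element onto the caller's chain before a callback fails and that the error path then frees that element; `node`, `wrap` and `stale_after_failure` are hypothetical names, and the `unlink_on_error` branch is one way to keep the chain valid, not necessarily what this commit does.

```c
#include <stdio.h>
/* Toy stand-in for a BIO. Nodes come from a static pool so a "freed" node
   can still be inspected safely; no real use-after-free is performed. */
typedef struct node { struct node *next, *prev; int alive; } node;
static node pool[4];
static unsigned used;
static node *node_new(void) {
    node *n = &pool[used++];
    *n = (node){ .alive = 1 };
    return n;
}
/* Frees one node without unlinking it from its neighbours. */
static void node_free(node *n) { n->alive = 0; }
static void chain_push(node *head, node *n) { head->next = n; n->prev = head; }
static void chain_pop(node *n) {
    if (n->prev) n->prev->next = n->next;
    if (n->next) n->next->prev = n->prev;
    n->next = n->prev = NULL;
}
/* Walks the chain as a free-all routine would; counts already-freed nodes. */
static int chain_free_all(node *head) {
    int stale = 0;
    for (node *next; head != NULL; head = next) {
        next = head->next;
        if (!head->alive) stale++;   /* this visit would be a use after free */
        head->alive = 0;
    }
    return stale;
}
/* Hypothetical constructor: links a filter onto the caller's "out", then
   runs a callback that fails when cb_ok == 0. */
static node *wrap(node *out, int cb_ok, int unlink_on_error) {
    node *filter = node_new();
    chain_push(out, filter);
    if (cb_ok) return filter;
    if (unlink_on_error) chain_pop(filter);  /* hardened error path */
    node_free(filter);                       /* otherwise out->next dangles */
    return NULL;
}
/* Caller's view: the constructor failed, the caller later frees its chain. */
int stale_after_failure(int unlink_on_error) {
    used = 0;
    node *out = node_new();
    wrap(out, 0, unlink_on_error);
    return chain_free_all(out);
}
int main(void) {
    printf("stale nodes: weak=%d hardened=%d\n", stale_after_failure(0), stale_after_failure(1));
}
```

In real code the stale visit is a read of freed heap memory, which AddressSanitizer reports as heap-use-after-free at the point the caller frees its chain.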