Fix a UAF resulting from a bug in BIO_new_NDEF
author Matt Caswell <matt@openssl.org>
Wed, 14 Dec 2022 16:18:14 +0000 (16:18 +0000)
committer Tomas Mraz <tomas@openssl.org>
Tue, 7 Feb 2023 16:05:10 +0000 (17:05 +0100)
commit 9cc85002a1138235bdc272b837d7eb32d6b7aa95
tree 2d8278243a452cb1c7e6abd2d0acc592333f5b0d
parent dc341a46677fe19f055bd2eea0e3a2af21053903
Fix a UAF resulting from a bug in BIO_new_NDEF

If the aux->asn1_cb() call fails in BIO_new_NDEF then the "out" BIO will
be part of an invalid BIO chain. This causes a "use after free" when the
BIO is eventually freed.

Based on an original patch by Viktor Dukhovni and an idea from Theo
Buehler.

Thanks to Octavio Galland for reporting this issue.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
crypto/asn1/bio_ndef.c
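
A simplified model of the failure path the commit message describes, added here as an illustration; it is not OpenSSL code and not part of this commit. The `toy_*` names and the struct are hypothetical, and the model assumes the new filter BIO has already been linked in front of "out" when the callback fails.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Toy stand-in for a BIO: a doubly linked node with a flag in place of a
 * real free(), so the stale link can be inspected without undefined behaviour. */
struct toy_bio { struct toy_bio *next, *prev; bool freed; };

/* Link 'head' in front of 'tail'. */
static void toy_push(struct toy_bio *head, struct toy_bio *tail)
{
    head->next = tail;
    tail->prev = head;
}

/* Unlink 'b' from both neighbours. */
static void toy_pop(struct toy_bio *b)
{
    if (b->prev != NULL) b->prev->next = b->next;
    if (b->next != NULL) b->next->prev = b->prev;
    b->next = b->prev = NULL;
}

/* Constructor whose callback fails after the filter was linked in (assumed order).
 * unlink_on_error == false: the filter is released while 'out' still refers to it.
 * unlink_on_error == true:  the filter is unlinked first, leaving 'out' standalone. */
static void toy_ctor_fails(struct toy_bio *filter, struct toy_bio *out,
                           bool unlink_on_error)
{
    toy_push(filter, out);
    /* ... the callback reports failure here ... */
    if (unlink_on_error)
        toy_pop(filter);
    filter->freed = true; /* stands in for releasing the filter */
}

/* Run the failure path once; true if 'out' still points at the released filter. */
static bool toy_out_has_stale_link(bool unlink_on_error)
{
    struct toy_bio filter = {0}, out = {0};
    toy_ctor_fails(&filter, &out, unlink_on_error);
    return out.prev != NULL && out.prev->freed;
}

int main(void)
{
    printf("release without unlink: stale=%d\n", toy_out_has_stale_link(false));
    printf("unlink, then release:   stale=%d\n", toy_out_has_stale_link(true));
    return 0;
}
```

In the first case any later operation on "out" that follows its back-pointer touches released memory, which is the invalid-chain condition the message refers to.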