Fix a UAF resulting from a bug in BIO_new_NDEF
author Matt Caswell <matt@openssl.org>
Wed, 14 Dec 2022 16:18:14 +0000 (16:18 +0000)
committer Richard Levitte <levitte@openssl.org>
Fri, 3 Feb 2023 10:22:47 +0000 (11:22 +0100)
commit c3829dd8825c654652201e16f8a0a0c46ee3f344
tree 8ad3cebdf1eb1e69996e76d9e387f024ad89583e
parent 2bd611267868a008afa576846ba71566bd0d4d15
Fix a UAF resulting from a bug in BIO_new_NDEF

If the aux->asn1_cb() call fails in BIO_new_NDEF then the "out" BIO will
be part of an invalid BIO chain. This causes a "use after free" when the
BIO is eventually freed.

Based on an original patch by Viktor Dukhovni and an idea from Theo
Buehler.

Thanks to Octavio Galland for reporting this issue.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
crypto/asn1/bio_ndef.c