summaryrefslogtreecommitdiffstats
path: root/crypto/ct
diff options
context:
space:
mode:
authorRichard Levitte <levitte@openssl.org>2017-01-29 08:52:02 +0100
committerRichard Levitte <levitte@openssl.org>2017-01-29 15:31:01 +0100
commitd85d3c993e322d3e4c3f00be2910faa8c55b40e3 (patch)
tree563c5e2f6ffd792563613822d2a138d793c915ac /crypto/ct
parenttest/evp_test.c: If no algorithm was specified, don't try to check for DES (diff)
downloadopenssl-d85d3c993e322d3e4c3f00be2910faa8c55b40e3.tar.xz
openssl-d85d3c993e322d3e4c3f00be2910faa8c55b40e3.zip
Fix faulty free
On error, i2o_SCT_signature() and i2o_SCT() free a pointer that may have wandered off from the start of the allocated block (not currently true for i2o_SCT_signature(), but has that potential as the code may change. To avoid this, save away the start of the allocated block and free that instead. Thanks to Guido Vranken for reporting this issue. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2323)
Diffstat (limited to 'crypto/ct')
-rw-r--r--crypto/ct/ct_oct.c12
1 files changed, 6 insertions, 6 deletions
diff --git a/crypto/ct/ct_oct.c b/crypto/ct/ct_oct.c
index d3edd39f5d..0dd691c0f7 100644
--- a/crypto/ct/ct_oct.c
+++ b/crypto/ct/ct_oct.c
@@ -153,7 +153,7 @@ err:
int i2o_SCT_signature(const SCT *sct, unsigned char **out)
{
size_t len;
- unsigned char *p = NULL;
+ unsigned char *p = NULL, *pstart = NULL;
if (!SCT_signature_is_complete(sct)) {
CTerr(CT_F_I2O_SCT_SIGNATURE, CT_R_SCT_INVALID_SIGNATURE);
@@ -177,7 +177,7 @@ int i2o_SCT_signature(const SCT *sct, unsigned char **out)
p = *out;
*out += len;
} else {
- p = OPENSSL_malloc(len);
+ pstart = p = OPENSSL_malloc(len);
if (p == NULL) {
CTerr(CT_F_I2O_SCT_SIGNATURE, ERR_R_MALLOC_FAILURE);
goto err;
@@ -193,14 +193,14 @@ int i2o_SCT_signature(const SCT *sct, unsigned char **out)
return len;
err:
- OPENSSL_free(p);
+ OPENSSL_free(pstart);
return -1;
}
int i2o_SCT(const SCT *sct, unsigned char **out)
{
size_t len;
- unsigned char *p = NULL;
+ unsigned char *p = NULL, *pstart = NULL;
if (!SCT_is_complete(sct)) {
CTerr(CT_F_I2O_SCT, CT_R_SCT_NOT_SET);
@@ -224,7 +224,7 @@ int i2o_SCT(const SCT *sct, unsigned char **out)
p = *out;
*out += len;
} else {
- p = OPENSSL_malloc(len);
+ pstart = p = OPENSSL_malloc(len);
if (p == NULL) {
CTerr(CT_F_I2O_SCT, ERR_R_MALLOC_FAILURE);
goto err;
@@ -250,7 +250,7 @@ int i2o_SCT(const SCT *sct, unsigned char **out)
return len;
err:
- OPENSSL_free(p);
+ OPENSSL_free(pstart);
return -1;
}