Package: nufw

Version: 2.4.3

Source: nufw


The bug is caused by wrongly checking the return value of
'ASN1_STRING_to_UTF8()' in
nufw/src/libs/nussl/nussl_openssl.c:113-114.

According to the OpenSSL API documentation, we should use 'OPENSSL_free()'
when 'len>=0'. So the patch should be:

113: len = ASN1_STRING_to_UTF8(&tmp, str);
114: - if (len > 0) {
114: + if (len >= 0) {
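
Review bot: at line 114, widening the test to `len >= 0` sends the zero-length case into the `if` body, which is not shown here, so the body needs checking before this is applied: it must reach `OPENSSL_free(tmp)` on every path and must not assume `tmp` holds at least one byte (for example by reading `tmp[len - 1]`). A short comment at the call stating that, per the report, the buffer has to be freed whenever `len >= 0` would keep the condition from being narrowed back to `> 0` later.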

This is similar to CVE-2017-7521.

I learned from the source of the 'ChangeLog' file that my nufw version is 2.4.3.
