If it was discovered before the LibreSSL fork, there's a good chance
it has been fixed, otherwise the move from non-standard malloc
functions has probably nipped this one in the bud.  That's my guess
based on what I know about LibreSSL.

On Fri, Oct 14, 2016 at 3:55 PM, Peter Janos <peterjan...@mail.com> wrote:
> Hello gods,
> http://seclists.org/fulldisclosure/2016/Oct/62
> ->
> https://github.com/guidovranken/openssl-x509-vulnerabilities
> a little bit old, but LibreSSL got this?
> The original X509_NAME decode free code was buggy: this
> could result in double free or leaks if a malloc failure
> occurred.
> Simplify and fix the logic.
> Thanks to Guido Vranken for reporting this issue.
> Reviewed-by: Matt Caswell <m...@openssl.org>
> (Merged from #1691)
> Thanks!

Aaron Mason - Programmer, open source addict
I've taken my software vows - for beta or for worse

Reply via email to