[openssl-commits] [openssl] master update

Dr . Stephen Henson Thu, 07 Apr 2016 11:24:47 -0700

The branch master has been updated
       via  6afef8b1fb679df7d6a8606d713192c9907b1890 (commit)
      from  d1094383df07cc8ae266c04cf3ace782447b4d5b (commit)



- Log -----------------------------------------------------------------
commit 6afef8b1fb679df7d6a8606d713192c9907b1890
Author: David Benjamin <[email protected]>
Date:   Mon Mar 14 15:03:07 2016 -0400

    Fix memory leak on invalid CertificateRequest.
    
    Free up parsed X509_NAME structure if the CertificateRequest message
    contains excess data.
    
    The security impact is considered insignificant. This is a client side
    only leak and a large number of connections to malicious servers would
    be needed to have a significant impact.
    
    This was found by libFuzzer.
    
    Reviewed-by: Emilia Käsper <[email protected]>
    Reviewed-by: Stephen Henson <[email protected]>

-----------------------------------------------------------------------

Summary of changes:
 ssl/statem/statem_clnt.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
index 73f54bc..4806e67 100644
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -1863,6 +1863,7 @@ MSG_PROCESS_RETURN tls_process_certificate_request(SSL 
*s, PACKET *pkt)
             SSLerr(SSL_F_TLS_PROCESS_CERTIFICATE_REQUEST, 
ERR_R_MALLOC_FAILURE);
             goto err;
         }
+        xn = NULL;
     }
 
     /* we should setup a certificate to return.... */
@@ -1877,6 +1878,7 @@ MSG_PROCESS_RETURN tls_process_certificate_request(SSL 
*s, PACKET *pkt)
  err:
     ossl_statem_set_error(s);
  done:
+    X509_NAME_free(xn);
     sk_X509_NAME_pop_free(ca_sk, X509_NAME_free);
     return ret;
 }
_____
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [openssl] master update

Reply via email to