The branch OpenSSL_1_1_1-stable has been updated
via e41290cfc007b833b393864cf12e0d8d815b7081 (commit)
from a3dea76f742896b7d75a0c0529c0af1e628bd853 (commit)
- Log -----------------------------------------------------------------
commit e41290cfc007b833b393864cf12e0d8d815b7081
Author: Pauli <[email protected]>
Date: Mon Apr 19 08:57:18 2021 +1000
engine: fix double free on error path.

In function try_decode_PKCS8Encrypted, p8 is freed via X509_SIG_free() at
line 481.
If function new_EMBEDDED() returns a null pointer at line 483, the
execution will goto nop8.
In the nop8 branch, p8 is freed again at line 491.

Bug reported by @Yunlongs

Fixes #14915

Reviewed-by: Tomas Mraz <[email protected]>
(Merged from https://github.com/openssl/openssl/pull/14921)
(cherry picked from commit efe8d69daa1a68be0a7f0f73220947c848e7ed1d)
-----------------------------------------------------------------------
Summary of changes:
crypto/store/loader_file.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/crypto/store/loader_file.c b/crypto/store/loader_file.c
index 9c9e3bd085..258f71afec 100644
--- a/crypto/store/loader_file.c
+++ b/crypto/store/loader_file.c
@@ -370,6 +370,7 @@ static OSSL_STORE_INFO *try_decode_PKCS8Encrypted(const
char *pem_name,
mem->data = (char *)new_data;
mem->max = mem->length = (size_t)new_data_len;
X509_SIG_free(p8);
+ p8 = NULL;
store_info = ossl_store_info_new_EMBEDDED(PEM_STRING_PKCS8INF, mem);
if (store_info == NULL) {
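Review bot: the added `p8 = NULL;` directly after `X509_SIG_free(p8);` carries no comment explaining that it exists to neutralise the second `X509_SIG_free()` reached through the `nop8` error label, so a later cleanup could drop it as a dead store and reintroduce the double free. A short comment on that line, for example `/* freed above; nop8 frees p8 again on error */`, would record the ownership rule. The fix also depends on `X509_SIG_free()` being a no-op for NULL, which is worth stating in the same comment. Separately, the commit message cites lines 481, 483 and 491, while this hunk applies at line 370 of the file on this branch; those numbers presumably describe the file in the commit this was cherry-picked from, so the function and label names are the reliable reference when reading this backport.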