This patch NULL's the "param" and "tree" pointers in the x509 store context to
avoid double frees and other nasties if the X509_STORE_CTX_cleanup get's called
twice...
Since, I'm in the US I've already submitted the PATCH to the TSU
--- openssl-0.9.8d.orig/crypto/x509/x509_vfy.c 2005-06-15 19:05:57.000000000
-0700
+++ openssl-0.9.8d/crypto/x509/x509_vfy.c 2007-02-05 13:11:00.000000000
-0800
@@ -1460,9 +1460,16 @@
void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx)
{
if (ctx->cleanup) ctx->cleanup(ctx);
- X509_VERIFY_PARAM_free(ctx->param);
- if (ctx->tree)
+ if (ctx->param != NULL)
+ {
+ X509_VERIFY_PARAM_free(ctx->param);
+ ctx->param=NULL;
+ }
+ if (ctx->tree != NULL)
+ {
X509_policy_tree_free(ctx->tree);
+ ctx->tree=NULL;
+ }
if (ctx->chain != NULL)
{
sk_X509_pop_free(ctx->chain,X509_free);
--- openssl-0.9.8d.orig/crypto/x509/x509_vfy.c 2005-06-15 19:05:57.000000000 -0700
+++ openssl-0.9.8d/crypto/x509/x509_vfy.c 2007-02-05 13:11:00.000000000 -0800
@@ -1460,9 +1460,16 @@
void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx)
{
if (ctx->cleanup) ctx->cleanup(ctx);
- X509_VERIFY_PARAM_free(ctx->param);
- if (ctx->tree)
+ if (ctx->param != NULL)
+ {
+ X509_VERIFY_PARAM_free(ctx->param);
+ ctx->param=NULL;
+ }
+ if (ctx->tree != NULL)
+ {
X509_policy_tree_free(ctx->tree);
+ ctx->tree=NULL;
+ }
if (ctx->chain != NULL)
{
sk_X509_pop_free(ctx->chain,X509_free);