This patch NULL's the "param" and "tree" pointers in the x509 store context to 
avoid double frees and other nasties if the X509_STORE_CTX_cleanup get's called 
twice...

Since, I'm in the US I've already submitted the PATCH to the TSU

--- openssl-0.9.8d.orig/crypto/x509/x509_vfy.c  2005-06-15 19:05:57.000000000 
-0700
+++ openssl-0.9.8d/crypto/x509/x509_vfy.c       2007-02-05 13:11:00.000000000 
-0800
@@ -1460,9 +1460,16 @@
 void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx)
        {
        if (ctx->cleanup) ctx->cleanup(ctx);
-       X509_VERIFY_PARAM_free(ctx->param);
-       if (ctx->tree)
+       if (ctx->param != NULL)
+               {
+               X509_VERIFY_PARAM_free(ctx->param);
+               ctx->param=NULL;
+               }
+       if (ctx->tree != NULL)
+               {
                X509_policy_tree_free(ctx->tree);
+               ctx->tree=NULL;
+               }
        if (ctx->chain != NULL)
                {
                sk_X509_pop_free(ctx->chain,X509_free);


--- openssl-0.9.8d.orig/crypto/x509/x509_vfy.c	2005-06-15 19:05:57.000000000 -0700
+++ openssl-0.9.8d/crypto/x509/x509_vfy.c	2007-02-05 13:11:00.000000000 -0800
@@ -1460,9 +1460,16 @@
 void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx)
 	{
 	if (ctx->cleanup) ctx->cleanup(ctx);
-	X509_VERIFY_PARAM_free(ctx->param);
-	if (ctx->tree)
+	if (ctx->param != NULL)
+		{
+		X509_VERIFY_PARAM_free(ctx->param);
+		ctx->param=NULL;
+		}
+	if (ctx->tree != NULL)
+		{
 		X509_policy_tree_free(ctx->tree);
+		ctx->tree=NULL;
+		}
 	if (ctx->chain != NULL)
 		{
 		sk_X509_pop_free(ctx->chain,X509_free);

Reply via email to