OCSP_parse_url has a bad sequence of initializing the parameter
returns and buf strdupping + error handling.
If the first error handling triggers, it will access the
3 argument pointers uninitialized memory.
(the goto mem_err; patch will free **pport et.al.)
found by Coverity scanner.
Ciao, Marcus
--- crypto/ocsp/ocsp_lib.c.xx 2011-05-18 14:17:25.000000000 +0200
+++ crypto/ocsp/ocsp_lib.c 2011-05-18 14:17:34.000000000 +0200
@@ -170,14 +170,14 @@
char *host, *port;
- /* dup the buffer since we are going to mess with it */
- buf = BUF_strdup(url);
- if (!buf) goto mem_err;
-
*phost = NULL;
*pport = NULL;
*ppath = NULL;
+ /* dup the buffer since we are going to mess with it */
+ buf = BUF_strdup(url);
+ if (!buf) goto mem_err;
+
/* Check for initial colon */
p = strchr(buf, ':');
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [email protected]
Automated List Manager [email protected]
