Hi,
NCONF_free(cnf) is again called later when errors are handled,
which would lead to double free of cnf.
Spotted by Coverity checker.
Ciao, Marcus
--- apps/asn1pars.c.xx 2011-05-18 14:40:29.000000000 +0200
+++ apps/asn1pars.c 2011-05-18 14:40:43.000000000 +0200
@@ -408,6 +408,7 @@
atyp = ASN1_generate_nconf(genstr, cnf);
NCONF_free(cnf);
+ cnf = NULL;
if (!atyp)
return -1;
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [email protected]
Automated List Manager [email protected]
