Hello all,
There is a minor issue with X509_STORE_CTX_init and its usage. Most of the
callers of X509_STORE_CTX_init use a stack variable and pass its address as the
ctx argument to this function. However, X509_STORE_CTX_init in case of an
error in the call to CRYPTO_new_ex_data does an OPENSSL_free on this stack
variable. This in theory should be ok as the underlying free implementation
should probably be a no-op as this address is from the stack.
However, on systems that does strict checks on allocated memory heap this can
be a problem. One potential fix could be to remove the OPENSSL_free and let
the caller take responsibility for his memory.
Thanks.
Srinivas
_______________________________________________
openssl-bugs-mod mailing list
openssl-bugs-...@openssl.org
https://mta.openssl.org/mailman/listinfo/openssl-bugs-mod
_______________________________________________
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
