In many scenarios the context will still have a reference to the cipher, so this use-after-free does not explode but it is still wrong.
Change-Id: I59002d6613eaef36d5a47b20b56073e399cfa1df Signed-off-by: Arne Schwabe <a...@rfc2549.org> --- src/openvpn/crypto_openssl.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/openvpn/crypto_openssl.c b/src/openvpn/crypto_openssl.c index c2ac80b74..8fe56fc78 100644 --- a/src/openvpn/crypto_openssl.c +++ b/src/openvpn/crypto_openssl.c @@ -839,11 +839,12 @@ cipher_ctx_init(EVP_CIPHER_CTX *ctx, const uint8_t *key, crypto_msg(M_FATAL, "EVP cipher init #2"); } - EVP_CIPHER_free(kt); /* make sure we used a big enough key */ ASSERT(EVP_CIPHER_CTX_key_length(ctx) <= EVP_CIPHER_key_length(kt)); + EVP_CIPHER_free(kt); } + int cipher_ctx_iv_length(const EVP_CIPHER_CTX *ctx) { -- 2.39.2 (Apple Git-143) _______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
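Review bot: the blank line added after the closing brace of cipher_ctx_init(), just before `int cipher_ctx_iv_length(const EVP_CIPHER_CTX *ctx)`, is a whitespace-only change unrelated to the use-after-free fix; drop it or send it separately so the patch is only the one-line move. Moving `EVP_CIPHER_free(kt);` below `ASSERT(EVP_CIPHER_CTX_key_length(ctx) <= EVP_CIPHER_key_length(kt));` is the right order, since the ASSERT still reads kt. Consider extending the existing "make sure we used a big enough key" comment to say that kt must stay alive until after that check, so a later cleanup does not move the free back up.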