From: Lev Stipakov <l...@openvpn.net> Fixes a potential double-free issue in tls_ctx_load_cert_uri() by explicitly nullifying the pointer immediately after calling OSSL_STORE_INFO_free(info).
This ensures that subsequent cleanup won't attempt to free the same pointer again. GitHub: #726 Change-Id: I4507be07cd5573b2117e837ef03187535a38a4b1 Signed-off-by: Lev Stipakov <l...@openvpn.net> Acked-by: Antonio Quartulli <anto...@mandelbit.com> --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/942 This mail reflects revision 4 of this Change. Acked-by according to Gerrit (reflected above): Antonio Quartulli <anto...@mandelbit.com> diff --git a/src/openvpn/ssl_openssl.c b/src/openvpn/ssl_openssl.c index d1d5d3e..f7be50c 100644 --- a/src/openvpn/ssl_openssl.c +++ b/src/openvpn/ssl_openssl.c @@ -1152,6 +1152,7 @@ goto end; } OSSL_STORE_INFO_free(info); + info = NULL; /* iterate through the store and add extra certificates if any to the chain */ while (!OSSL_STORE_eof(store_ctx)) @@ -1170,6 +1171,7 @@ break; } OSSL_STORE_INFO_free(info); + info = NULL; } end: _______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel