CVSROOT: /cvs
Module name: src
Changes by: [email protected] 2020/11/18 10:54:46
Modified files:
lib/libcrypto/x509: x509_verify.c
Log message:
Plug leak in x509_verify_chain_dup()

x509_verify_chain_new() allocates a few members of a certificate chain:
an empty stack of certificates, a list of errors encountered while
validating the chain, and a list of name constraints. The function to
copy a chain would allocate a new chain using x509_verify_chain_new()
and then clobber its members by copies of the old chain. Fix this by
replacing x509_verify_chain_new() with calloc().

Found by review while investigating the report by Hanno Zysik who
found the same leak using valgrind. This is a cleaner version of
my initial fix from jsing.

ok jsing
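
The leak pattern described in the log message, as an added example that is not part of the commit and is not the libcrypto code: a copy function that starts from a constructor which already allocates members, then overwrites those pointers. `struct chain`, `chain_new()`, `chain_dup()`, the `via_new` switch and the `live` allocation counter are hypothetical stand-ins chosen to make the leak countable.

```c
#include <stdlib.h>
#include <string.h>
/* Hypothetical stand-in for a verify chain; chain_new() allocates its members. */
struct chain { int *errors; char *names; size_t n; };
static long live; /* outstanding allocations, so a leak is measurable */
static void *xcalloc(size_t n, size_t sz) {
	void *p = calloc(n, sz);
	live += (p != NULL);
	return p;
}
static void xfree(void *p) { live -= (p != NULL); free(p); }
void chain_free(struct chain *c) {
	if (c == NULL) return;
	xfree(c->errors);
	xfree(c->names);
	xfree(c);
}

struct chain *chain_new(size_t n) {
	struct chain *c = xcalloc(1, sizeof(*c));
	if (c == NULL) return NULL;
	c->n = n;
	c->errors = xcalloc(n, sizeof(int));
	c->names = xcalloc(n, 1);
	if (c->errors == NULL || c->names == NULL) { chain_free(c); return NULL; }
	return c;
}

/* via_new=1 is the leaky shape; via_new=0 starts from a zeroed struct. */
struct chain *chain_dup(const struct chain *src, int via_new) {
	struct chain *c = via_new ? chain_new(src->n) : xcalloc(1, sizeof(*c));
	if (c == NULL) return NULL;
	c->n = src->n;
	c->errors = xcalloc(src->n, sizeof(int)); /* if via_new: orphans old list */
	c->names = xcalloc(src->n, 1); /* likewise */
	if (c->errors == NULL || c->names == NULL) { chain_free(c); return NULL; }
	memcpy(c->errors, src->errors, src->n * sizeof(int));
	memcpy(c->names, src->names, src->n);
	return c;
}

/* Allocations still outstanding after new + dup + free of both chains. */
long leaked_after_dup(int via_new) {
	long before = live;
	struct chain *a = chain_new(4);
	struct chain *b = (a != NULL) ? chain_dup(a, via_new) : NULL;
	chain_free(b);
	chain_free(a);
	return live - before;
}
```

Each leaky copy strands the two member allocations made by the constructor, and `chain_free()` cannot reach them because the pointers were overwritten.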