CVSROOT: /cvs
Module name: src
Changes by: schwa...@cvs.openbsd.org 2021/11/19 00:49:27
Modified files:
lib/libcrypto/x509: x509_lu.c
Log message:
As long as X509_OBJECT_free_contents(3) is a public API function,
make sure it fully re-initializes the object rather than leaving
behind a stale pointer and a stale type in the object.
The old behaviour was dangerous because X509_OBJECT_get_type(3)
would then return the stale type to the user and one of
X509_OBJECT_get0_X509(3) or X509_OBJECT_get0_X509_CRL(3) would
then return the stale pointer to the user, provoking a use-after-free
bug in the application program. Having these functions return
X509_LU_NONE and NULL is better because those are the documented
return values for these functions when the object is empty.
OK tb@
