Hi All,
>From OpenSSL RT:
http://rt.openssl.org/Ticket/Display.html?id=3278&user=guest&pass=guest
len can be 0 as well, and in which case, memory isn't freed.
Patch from Frantisek Boranek:
Index: lib/libssl/src/crypto/pkcs12/p12_kiss.c
===================================================================
RCS file: /cvs/src/lib/libssl/src/crypto/pkcs12/p12_kiss.c,v
retrieving revision 1.12
diff -u -p -u -p -r1.12 p12_kiss.c
--- lib/libssl/src/crypto/pkcs12/p12_kiss.c 17 Apr 2014 13:37:49 -0000
1.12
+++ lib/libssl/src/crypto/pkcs12/p12_kiss.c 4 Jun 2014 09:08:37 -0000
@@ -269,7 +269,7 @@ static int parse_bag(PKCS12_SAFEBAG *bag
int len, r;
unsigned char *data;
len = ASN1_STRING_to_UTF8(&data, fname);
- if(len > 0) {
+ if(len >= 0) {
r = X509_alias_set1(x509, data, len);
free(data);
if (!r)
