Fix double frees.

author mancha <mancha1@zoho.com>

Tue, 22 Apr 2014 12:11:56 +0000 (13:11 +0100)

committer Ben Laurie <ben@links.org>

Tue, 22 Apr 2014 21:52:26 +0000 (22:52 +0100)
author mancha <mancha1@zoho.com>
Tue, 22 Apr 2014 12:11:56 +0000 (13:11 +0100)
committer Ben Laurie <ben@links.org>
Tue, 22 Apr 2014 21:52:26 +0000 (22:52 +0100)
diff --git a/CHANGES b/CHANGES

index edea4a10b6ac2cb05180768ff8f953aecde0e82d..b2d3d98e439989f643b9376748cf0dd49de310fa 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,9 @@
  
   Changes between 1.0.0l and 1.0.0m [xx XXX xxxx]
  
+  *) Fix some double frees. These are not thought to be exploitable.
+     [mancha <mancha1@zoho.com>]
+
    *) Fix for the attack described in the paper "Recovering OpenSSL
       ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack"
       by Yuval Yarom and Naomi Benger. Details can be obtained from:
diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c

index 2ec83ed2001d920761a1fbe993371f8a1395396d..0e361e7e7f7a8c42f54aa1b11a5dbf414ce87d28 100644 (file)
--- a/crypto/pkcs7/pk7_doit.c
+++ b/crypto/pkcs7/pk7_doit.c
@@ -922,6 +922,7 @@ int PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si)
         if (EVP_DigestSignUpdate(&mctx,abuf,alen) <= 0)
                 goto err;
         OPENSSL_free(abuf);
+       abuf = NULL;
         if (EVP_DigestSignFinal(&mctx, NULL, &siglen) <= 0)
                 goto err;
         abuf = OPENSSL_malloc(siglen);
diff --git a/crypto/ts/ts_rsp_verify.c b/crypto/ts/ts_rsp_verify.c

index e1f3b534afbc9523c09b4f93a999fb01c2e5e785..30dab7b1b6b876c0cc6d42b910663fff52402e78 100644 (file)
--- a/crypto/ts/ts_rsp_verify.c
+++ b/crypto/ts/ts_rsp_verify.c
@@ -626,6 +626,7 @@ static int TS_compute_imprint(BIO *data, TS_TST_INFO *tst_info,
         X509_ALGOR_free(*md_alg);
         OPENSSL_free(*imprint);
         *imprint_len = 0;
+       *imprint = NULL;
         return 0;
         }
  
diff --git a/ssl/d1_srvr.c b/ssl/d1_srvr.c

index 0c66d707a2621b979696911c176dc0fc724e0890..b15970bf8dc100632c18ab4ff61770fea1f7349b 100644 (file)
--- a/ssl/d1_srvr.c
+++ b/ssl/d1_srvr.c
@@ -1197,6 +1197,7 @@ int dtls1_send_server_key_exchange(SSL *s)
                             (unsigned char *)encodedPoint, 
                             encodedlen);
                         OPENSSL_free(encodedPoint);
+                       encodedPoint = NULL;
                         p += encodedlen;
                         }
  #endif
author	mancha <mancha1@zoho.com>
	Tue, 22 Apr 2014 12:11:56 +0000 (13:11 +0100)
committer	Ben Laurie <ben@links.org>
	Tue, 22 Apr 2014 21:52:26 +0000 (22:52 +0100)
CHANGES		patch \| blob \| history
crypto/pkcs7/pk7_doit.c		patch \| blob \| history
crypto/ts/ts_rsp_verify.c		patch \| blob \| history
ssl/d1_srvr.c		patch \| blob \| history