From: mancha <mancha1@zoho.com>
Date: Tue, 22 Apr 2014 12:11:56 +0000 (+0100)
Subject: Fix double frees.
X-Git-Tag: OpenSSL_1_0_0m~57
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=da8f10881e3bb3b0ec5a7ad83962718f1d999d19;p=openssl

Fix double frees.

Conflicts:
	CHANGES
---

diff --git a/CHANGES b/CHANGES
index edea4a10b6..b2d3d98e43 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,9 @@
 
  Changes between 1.0.0l and 1.0.0m [xx XXX xxxx]
 
+  *) Fix some double frees. These are not thought to be exploitable.
+     [mancha <mancha1@zoho.com>]
+
   *) Fix for the attack described in the paper "Recovering OpenSSL
      ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack"
      by Yuval Yarom and Naomi Benger. Details can be obtained from:
diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c
index 2ec83ed200..0e361e7e7f 100644
--- a/crypto/pkcs7/pk7_doit.c
+++ b/crypto/pkcs7/pk7_doit.c
@@ -922,6 +922,7 @@ int PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si)
 	if (EVP_DigestSignUpdate(&mctx,abuf,alen) <= 0)
 		goto err;
 	OPENSSL_free(abuf);
+	abuf = NULL;
 	if (EVP_DigestSignFinal(&mctx, NULL, &siglen) <= 0)
 		goto err;
 	abuf = OPENSSL_malloc(siglen);
diff --git a/crypto/ts/ts_rsp_verify.c b/crypto/ts/ts_rsp_verify.c
index e1f3b534af..30dab7b1b6 100644
--- a/crypto/ts/ts_rsp_verify.c
+++ b/crypto/ts/ts_rsp_verify.c
@@ -626,6 +626,7 @@ static int TS_compute_imprint(BIO *data, TS_TST_INFO *tst_info,
 	X509_ALGOR_free(*md_alg);
 	OPENSSL_free(*imprint);
 	*imprint_len = 0;
+	*imprint = NULL;
 	return 0;
 	}
 
diff --git a/ssl/d1_srvr.c b/ssl/d1_srvr.c
index 0c66d707a2..b15970bf8d 100644
--- a/ssl/d1_srvr.c
+++ b/ssl/d1_srvr.c
@@ -1197,6 +1197,7 @@ int dtls1_send_server_key_exchange(SSL *s)
 			    (unsigned char *)encodedPoint, 
 			    encodedlen);
 			OPENSSL_free(encodedPoint);
+			encodedPoint = NULL;
 			p += encodedlen;
 			}
 #endif