mirrors/openssl
0
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2025-01-19 08:23:32 +08:00
Code Issues Packages Projects Releases Wiki Activity

Avoid dangling ptrs in header and data params for PEM_read_bio_ex

Browse Source 
In the event of a failure in PEM_read_bio_ex() we free the buffers we
allocated for the header and data buffers. However we were not clearing
the ptrs stored in *header and *data. Since, on success, the caller is
responsible for freeing these ptrs this can potentially lead to a double
free if the caller frees them even on failure.

Thanks to Dawei Wang for reporting this issue.

Based on a proposed patch by Kurt Roeckx.

CVE-2022-4450

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
This commit is contained in:
Matt Caswell 2022-12-13 14:54:55 +00:00 committed by Tomas Mraz
parent b1892d21f8
commit ee6243f394
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
crypto/pem/pem_lib.c
View File

@ -995,7 +995,9 @@ int PEM_read_bio_ex(BIO *bp, char **name_out, char **header,
out_free:
PEM_FREE(*header, flags, 0);
*header = NULL;
PEM_FREE(*data, flags, 0);
*data = NULL;
end:
EVP_ENCODE_CTX_free(ctx);
PEM_FREE(name, flags, 0);