openssl

mirror of https://github.com/openssl/openssl.git synced 2024-11-28 04:25:31 +08:00

History

Pauli db78c84eb2 ts: fix double free on error path. In function int_ts_RESP_verify_token, if (flags & TS_VFY_DATA) is true, function ts_compute_imprint() will be called at line 299. In the implementation of ts_compute_imprint, it allocates md_alg at line 406. But after the allocation, if the execution goto err, then md_alg will be freed in the first time by X509_ALGOR_free at line 439. After that, ts_compute_imprint returns 0 and the execution goto err branch of int_ts_RESP_verify_token. In the err branch, md_alg will be freed in the second time at line 320. Bug reported by @Yunlongs Fixes #14914 Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14921)		2021-04-21 09:17:22 +10:00
..
build.info	unified build scheme: add build.info files	2016-02-01 12:46:58 +01:00
ts_asn1.c	Update copyright year	2020-11-26 14:18:57 +00:00
ts_conf.c	CRYPTO: refactor ERR_raise()+ERR_add_error_data() to ERR_raise_data()	2020-11-13 09:35:31 +01:00
ts_err.c	ERR: Rebuild all generated error headers and source files	2020-11-24 15:22:33 +01:00
ts_lib.c	Reorganize local header files	2019-09-28 20:26:35 +02:00
ts_local.h	Update copyright year	2021-04-08 13:04:41 +01:00
ts_req_print.c	Reorganize local header files	2019-09-28 20:26:35 +02:00
ts_req_utils.c	Convert all {NAME}err() in crypto/ to their corresponding ERR_raise() call	2020-11-13 09:35:02 +01:00
ts_rsp_print.c	Fix safestack issues in conf.h	2020-09-13 11:11:20 +01:00
ts_rsp_sign.c	Modify OBJ_nid2sn(OBJ_obj2nid(...)) occurences to use OBJ_obj2txt()	2021-04-18 10:10:24 +02:00
ts_rsp_utils.c	Convert all {NAME}err() in crypto/ to their corresponding ERR_raise() call	2020-11-13 09:35:02 +01:00
ts_rsp_verify.c	ts: fix double free on error path.	2021-04-21 09:17:22 +10:00
ts_verify_ctx.c	Convert all {NAME}err() in crypto/ to their corresponding ERR_raise() call	2020-11-13 09:35:02 +01:00