diff options
author | Matt Caswell <matt@openssl.org> | 2015-02-09 11:38:41 +0000 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2015-02-25 17:46:20 +0000 |
commit | 89117535f1bb3ea72a17933b703271587d7aaf0b (patch) | |
tree | 4ad13d8a0ba06dc974ed7b927c518a205c7c6d26 | |
parent | 08a2df480de1eae8d59ee4820257970f4158d912 (diff) | |
download | openssl-new-89117535f1bb3ea72a17933b703271587d7aaf0b.tar.gz |
Fix a failure to NULL a pointer freed on error.
Inspired by BoringSSL commit 517073cd4b by Eric Roman <eroman@chromium.org>
CVE-2015-0209
Reviewed-by: Emilia Käsper <emilia@openssl.org>
-rw-r--r-- | crypto/ec/ec_asn1.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c index 292437409f..1088e8916e 100644 --- a/crypto/ec/ec_asn1.c +++ b/crypto/ec/ec_asn1.c @@ -1033,8 +1033,6 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len) ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_MALLOC_FAILURE); goto err; } - if (a) - *a = ret; } else ret = *a; @@ -1102,10 +1100,12 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len) ret->enc_flag |= EC_PKEY_NO_PUBKEY; } + if (a) + *a = ret; ok = 1; err: if (!ok) { - if (ret) + if (ret && (a == NULL || *a != ret)) EC_KEY_free(ret); ret = NULL; } |