diff options
| author | Volker Lendecke <vl@samba.org> | 2013-11-11 10:21:54 +0000 |
|---|---|---|
| committer | David Disseldorp <ddiss@samba.org> | 2013-11-14 19:17:06 +0100 |
| commit | 0d5f217cfe03df7258be37adf0f20067a8e30fa8 (patch) | |
| tree | 0d0f1833b028d9fed385059dbef5ff34dcce4eee /source4 | |
| parent | 671a2fa3f8f35484f9d0635566b081887c8ffbe8 (diff) | |
| download | samba-0d5f217cfe03df7258be37adf0f20067a8e30fa8.tar.gz | |
heimdal: Fix CID 745516 Use after free
If the loop is exited normally, i.e. we did not find anything proper
within DH_NUM_TRIES, we try to BN_free a second time.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Thu Nov 14 19:17:06 CET 2013 on sn-devel-104
Diffstat (limited to 'source4')
| -rw-r--r-- | source4/heimdal/lib/hcrypto/dh-ltm.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/source4/heimdal/lib/hcrypto/dh-ltm.c b/source4/heimdal/lib/hcrypto/dh-ltm.c index 6af43cf044e..f4e03139ff2 100644 --- a/source4/heimdal/lib/hcrypto/dh-ltm.c +++ b/source4/heimdal/lib/hcrypto/dh-ltm.c @@ -108,8 +108,10 @@ ltm_dh_generate_key(DH *dh) return 0; } } - if (dh->pub_key) + if (dh->pub_key) { BN_free(dh->pub_key); + dh->pub_key = NULL; + } mp_init_multi(&pub, &priv_key, &g, &p, NULL); |