Blame SOURCES/Correct-error-handling-bug-in-prior-commit.patch

e58a44
From ca3e61600f1400974c63b2abb30b44f0c94d550b Mon Sep 17 00:00:00 2001
fab64b
From: Greg Hudson <ghudson@mit.edu>
fab64b
Date: Thu, 23 Mar 2017 13:42:55 -0400
fab64b
Subject: [PATCH] Correct error handling bug in prior commit
fab64b
fab64b
In crypto_encode_der_cert(), if the second i2d_X509() invocation
fab64b
fails, make sure to free the allocated pointer and not the
fab64b
possibly-modified alias.
fab64b
fab64b
ticket: 8561
fab64b
(cherry picked from commit 7fdaef7c3280c86b5df25ae061fb04cc56d8620c)
fab64b
---
fab64b
 src/plugins/preauth/pkinit/pkinit_crypto_openssl.c | 4 ++--
fab64b
 1 file changed, 2 insertions(+), 2 deletions(-)
fab64b
fab64b
diff --git a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
fab64b
index a5b010b26..90c30dbf5 100644
fab64b
--- a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
fab64b
+++ b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
fab64b
@@ -6196,10 +6196,10 @@ crypto_encode_der_cert(krb5_context context, pkinit_req_crypto_context reqctx,
fab64b
     if (len <= 0)
fab64b
         return EINVAL;
fab64b
     p = der = malloc(len);
fab64b
-    if (p == NULL)
fab64b
+    if (der == NULL)
fab64b
         return ENOMEM;
fab64b
     if (i2d_X509(reqctx->received_cert, &p) <= 0) {
fab64b
-        free(p);
fab64b
+        free(der);
fab64b
         return EINVAL;
fab64b
     }
fab64b
     *der_out = der;