Blame SOURCES/Correct-error-handling-bug-in-prior-commit.patch
|
 |
fab64b |
From e9a48c7c89def99b0e60a8b83646a345966c077c Mon Sep 17 00:00:00 2001
|
|
|
fab64b |
From: Greg Hudson <ghudson@mit.edu>
|
|
|
fab64b |
Date: Thu, 23 Mar 2017 13:42:55 -0400
|
|
|
fab64b |
Subject: [PATCH] Correct error handling bug in prior commit
|
|
|
fab64b |
|
|
|
fab64b |
In crypto_encode_der_cert(), if the second i2d_X509() invocation
|
|
|
fab64b |
fails, make sure to free the allocated pointer and not the
|
|
|
fab64b |
possibly-modified alias.
|
|
|
fab64b |
|
|
|
fab64b |
ticket: 8561
|
|
|
fab64b |
(cherry picked from commit 7fdaef7c3280c86b5df25ae061fb04cc56d8620c)
|
|
|
fab64b |
---
|
|
|
fab64b |
src/plugins/preauth/pkinit/pkinit_crypto_openssl.c | 4 ++--
|
|
|
fab64b |
1 file changed, 2 insertions(+), 2 deletions(-)
|
|
|
fab64b |
|
|
|
fab64b |
diff --git a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
|
|
|
fab64b |
index a5b010b26..90c30dbf5 100644
|
|
|
fab64b |
--- a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
|
|
|
fab64b |
+++ b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
|
|
|
fab64b |
@@ -6196,10 +6196,10 @@ crypto_encode_der_cert(krb5_context context, pkinit_req_crypto_context reqctx,
|
|
|
fab64b |
if (len <= 0)
|
|
|
fab64b |
return EINVAL;
|
|
|
fab64b |
p = der = malloc(len);
|
|
|
fab64b |
- if (p == NULL)
|
|
|
fab64b |
+ if (der == NULL)
|
|
|
fab64b |
return ENOMEM;
|
|
|
fab64b |
if (i2d_X509(reqctx->received_cert, &p) <= 0) {
|
|
|
fab64b |
- free(p);
|
|
|
fab64b |
+ free(der);
|
|
|
fab64b |
return EINVAL;
|
|
|
fab64b |
}
|
|
|
fab64b |
*der_out = der;
|