|
 |
c4366c |
diff -up openssl-fips-0.9.8e/CHANGES.doublefree openssl-fips-0.9.8e/CHANGES
|
|
|
c4366c |
diff -up openssl-fips-0.9.8e/crypto/x509v3/pcy_map.c.doublefree openssl-fips-0.9.8e/crypto/x509v3/pcy_map.c
|
|
|
c4366c |
--- openssl-fips-0.9.8e/crypto/x509v3/pcy_map.c.doublefree 2004-03-25 14:45:58.000000000 +0100
|
|
|
c4366c |
+++ openssl-fips-0.9.8e/crypto/x509v3/pcy_map.c 2012-01-16 10:37:18.480935735 +0100
|
|
|
c4366c |
@@ -70,8 +70,6 @@ static int ref_cmp(const X509_POLICY_REF
|
|
|
c4366c |
|
|
|
c4366c |
static void policy_map_free(X509_POLICY_REF *map)
|
|
|
c4366c |
{
|
|
|
c4366c |
- if (map->subjectDomainPolicy)
|
|
|
c4366c |
- ASN1_OBJECT_free(map->subjectDomainPolicy);
|
|
|
c4366c |
OPENSSL_free(map);
|
|
|
c4366c |
}
|
|
|
c4366c |
|
|
|
c4366c |
@@ -95,6 +93,7 @@ int policy_cache_set_mapping(X509 *x, PO
|
|
|
c4366c |
{
|
|
|
c4366c |
POLICY_MAPPING *map;
|
|
|
c4366c |
X509_POLICY_REF *ref = NULL;
|
|
|
c4366c |
+ ASN1_OBJECT *subjectDomainPolicyRef;
|
|
|
c4366c |
X509_POLICY_DATA *data;
|
|
|
c4366c |
X509_POLICY_CACHE *cache = x->policy_cache;
|
|
|
c4366c |
int i;
|
|
|
c4366c |
@@ -153,13 +152,16 @@ int policy_cache_set_mapping(X509 *x, PO
|
|
|
c4366c |
if (!sk_ASN1_OBJECT_push(data->expected_policy_set,
|
|
|
c4366c |
map->subjectDomainPolicy))
|
|
|
c4366c |
goto bad_mapping;
|
|
|
c4366c |
+ /* map->subjectDomainPolicy will be freed when
|
|
|
c4366c |
+ * cache->data is freed. Set it to NULL to avoid double-free. */
|
|
|
c4366c |
+ subjectDomainPolicyRef = map->subjectDomainPolicy;
|
|
|
c4366c |
+ map->subjectDomainPolicy = NULL;
|
|
|
c4366c |
|
|
|
c4366c |
ref = OPENSSL_malloc(sizeof(X509_POLICY_REF));
|
|
|
c4366c |
if (!ref)
|
|
|
c4366c |
goto bad_mapping;
|
|
|
c4366c |
|
|
|
c4366c |
- ref->subjectDomainPolicy = map->subjectDomainPolicy;
|
|
|
c4366c |
- map->subjectDomainPolicy = NULL;
|
|
|
c4366c |
+ ref->subjectDomainPolicy = subjectDomainPolicyRef;
|
|
|
c4366c |
ref->data = data;
|
|
|
c4366c |
|
|
|
c4366c |
if (!sk_X509_POLICY_REF_push(cache->maps, ref))
|
|
|
c4366c |
diff -up openssl-fips-0.9.8e/crypto/x509v3/pcy_tree.c.doublefree openssl-fips-0.9.8e/crypto/x509v3/pcy_tree.c
|
|
|
c4366c |
--- openssl-fips-0.9.8e/crypto/x509v3/pcy_tree.c.doublefree 2006-11-27 14:36:54.000000000 +0100
|
|
|
c4366c |
+++ openssl-fips-0.9.8e/crypto/x509v3/pcy_tree.c 2012-01-16 10:37:18.481935777 +0100
|
|
|
c4366c |
@@ -610,6 +610,10 @@ int X509_policy_check(X509_POLICY_TREE *
|
|
|
c4366c |
case 2:
|
|
|
c4366c |
return 1;
|
|
|
c4366c |
|
|
|
c4366c |
+ /* Some internal error */
|
|
|
c4366c |
+ case -1:
|
|
|
c4366c |
+ return -1;
|
|
|
c4366c |
+
|
|
|
c4366c |
/* Some internal error */
|
|
|
c4366c |
case 0:
|
|
|
c4366c |
return 0;
|
|
|
c4366c |
@@ -689,4 +693,3 @@ int X509_policy_check(X509_POLICY_TREE *
|
|
|
c4366c |
return 0;
|
|
|
c4366c |
|
|
|
c4366c |
}
|
|
|
c4366c |
-
|