Blame SOURCES/openssl-fips-0.9.8e-cve-2011-4109.patch

c4366c
diff -up openssl-fips-0.9.8e/CHANGES.doublefree openssl-fips-0.9.8e/CHANGES
c4366c
diff -up openssl-fips-0.9.8e/crypto/x509v3/pcy_map.c.doublefree openssl-fips-0.9.8e/crypto/x509v3/pcy_map.c
c4366c
--- openssl-fips-0.9.8e/crypto/x509v3/pcy_map.c.doublefree	2004-03-25 14:45:58.000000000 +0100
c4366c
+++ openssl-fips-0.9.8e/crypto/x509v3/pcy_map.c	2012-01-16 10:37:18.480935735 +0100
c4366c
@@ -70,8 +70,6 @@ static int ref_cmp(const X509_POLICY_REF
c4366c
 
c4366c
 static void policy_map_free(X509_POLICY_REF *map)
c4366c
 	{
c4366c
-	if (map->subjectDomainPolicy)
c4366c
-		ASN1_OBJECT_free(map->subjectDomainPolicy);
c4366c
 	OPENSSL_free(map);
c4366c
 	}
c4366c
 
c4366c
@@ -95,6 +93,7 @@ int policy_cache_set_mapping(X509 *x, PO
c4366c
 	{
c4366c
 	POLICY_MAPPING *map;
c4366c
 	X509_POLICY_REF *ref = NULL;
c4366c
+	ASN1_OBJECT *subjectDomainPolicyRef;
c4366c
 	X509_POLICY_DATA *data;
c4366c
 	X509_POLICY_CACHE *cache = x->policy_cache;
c4366c
 	int i;
c4366c
@@ -153,13 +152,16 @@ int policy_cache_set_mapping(X509 *x, PO
c4366c
 		if (!sk_ASN1_OBJECT_push(data->expected_policy_set, 
c4366c
 						map->subjectDomainPolicy))
c4366c
 			goto bad_mapping;
c4366c
+                /* map->subjectDomainPolicy will be freed when
c4366c
+                 * cache->data is freed. Set it to NULL to avoid double-free. */
c4366c
+                subjectDomainPolicyRef = map->subjectDomainPolicy;
c4366c
+                map->subjectDomainPolicy = NULL;
c4366c
 		
c4366c
 		ref = OPENSSL_malloc(sizeof(X509_POLICY_REF));
c4366c
 		if (!ref)
c4366c
 			goto bad_mapping;
c4366c
 
c4366c
-		ref->subjectDomainPolicy = map->subjectDomainPolicy;
c4366c
-		map->subjectDomainPolicy = NULL;
c4366c
+		ref->subjectDomainPolicy = subjectDomainPolicyRef;
c4366c
 		ref->data = data;
c4366c
 
c4366c
 		if (!sk_X509_POLICY_REF_push(cache->maps, ref))
c4366c
diff -up openssl-fips-0.9.8e/crypto/x509v3/pcy_tree.c.doublefree openssl-fips-0.9.8e/crypto/x509v3/pcy_tree.c
c4366c
--- openssl-fips-0.9.8e/crypto/x509v3/pcy_tree.c.doublefree	2006-11-27 14:36:54.000000000 +0100
c4366c
+++ openssl-fips-0.9.8e/crypto/x509v3/pcy_tree.c	2012-01-16 10:37:18.481935777 +0100
c4366c
@@ -610,6 +610,10 @@ int X509_policy_check(X509_POLICY_TREE *
c4366c
 		case 2:
c4366c
 		return 1;
c4366c
 
c4366c
+                /* Some internal error */
c4366c
+		case -1:
c4366c
+		return -1;
c4366c
+
c4366c
 		/* Some internal error */
c4366c
 		case 0:
c4366c
 		return 0;
c4366c
@@ -689,4 +693,3 @@ int X509_policy_check(X509_POLICY_TREE *
c4366c
 	return 0;
c4366c
 
c4366c
 	}
c4366c
-