diff options
author | Todd Short <tshort@akamai.com> | 2016-05-25 20:56:48 -0400 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2016-05-27 17:20:10 +0100 |
commit | 4379d5ce782d4cc83840db7b7b66e18d325dfd3e (patch) | |
tree | 1e03949fb2e1b289238d1f22db7903c7b25d717b | |
parent | 230c691a5218f355a63ff12cd72ce99178378c64 (diff) | |
download | openssl-4379d5ce782d4cc83840db7b7b66e18d325dfd3e.tar.gz |
Fix ssl_cert_set0_chain invalid pointer
When setting the certificate chain, if a certificate doesn't pass
security checks, then chain may point to a freed STACK_OF(X509)
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
-rw-r--r-- | ssl/ssl_cert.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c index 7481705ed0..d668afafe7 100644 --- a/ssl/ssl_cert.c +++ b/ssl/ssl_cert.c @@ -267,7 +267,6 @@ int ssl_cert_set0_chain(SSL *s, SSL_CTX *ctx, STACK_OF(X509) *chain) CERT_PKEY *cpk = s ? s->cert->key : ctx->cert->key; if (!cpk) return 0; - sk_X509_pop_free(cpk->chain, X509_free); for (i = 0; i < sk_X509_num(chain); i++) { r = ssl_security_cert(s, ctx, sk_X509_value(chain, i), 0, 0); if (r != 1) { @@ -275,6 +274,7 @@ int ssl_cert_set0_chain(SSL *s, SSL_CTX *ctx, STACK_OF(X509) *chain) return 0; } } + sk_X509_pop_free(cpk->chain, X509_free); cpk->chain = chain; return 1; } |