author | Bernd Edlinger <bernd.edlinger@hotmail.de> | 2023-11-20 10:05:49 +0100 |
---|---|---|
committer | Richard Levitte <levitte@openssl.org> | 2023-11-22 09:34:55 +0100 |
commit | bc0773bbbd4d3ace6957385f1f22a5cda25dc94f (patch) | |
tree | 6a97e683f1afac60da00920547e623add13b7e94 /ssl | |
parent | 3e3aadd51cae1fbfb512cf4a0999d16c6a2888bd (diff) | |
download | openssl-bc0773bbbd4d3ace6957385f1f22a5cda25dc94f.tar.gz |
Fix a possible use-after-free in custom_exts_free
This may happen when ssl_cert_dup calls custom_exts_copy, where
a possible memory allocation error causes custom_exts_free
to be called twice: once in the error handling of custom_exts_copy
and a second time in the error handling of ssl_cert_dup.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22772)
Diffstat (limited to 'ssl')
-rw-r--r-- | ssl/statem/extensions_cust.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/ssl/statem/extensions_cust.c b/ssl/statem/extensions_cust.c index 7c049d2970..fd840e8918 100644 --- a/ssl/statem/extensions_cust.c +++ b/ssl/statem/extensions_cust.c @@ -342,6 +342,8 @@ void custom_exts_free(custom_ext_methods *exts) OPENSSL_free(meth->parse_arg); } OPENSSL_free(exts->meths); + exts->meths = NULL; + exts->meths_count = 0; } /* Return true if a client custom extension exists, false otherwise */ |
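Review bot: The two lines added after `OPENSSL_free(exts->meths);` have no comment explaining why the fields are reset, so a later cleanup could drop them as redundant. A short comment above `exts->meths = NULL;` saying that custom_exts_free can be called a second time on the same structure (the custom_exts_copy error path followed by the ssl_cert_dup error path, per the commit message) would record the intent. The reset makes the second call harmless, but both callers still free the same object on failure; consider also deciding which of the two error paths owns the cleanup. The diffstat shows only ssl/statem/extensions_cust.c changing, so nothing exercises the allocation-failure path; a test that forces that failure would guard against a regression.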