Commit 1db0bbdc authored by Dr. Stephen Henson

Fix double free in policy check code (CVE-2011-4109)

parent e643112d
+3 −0
@@ -4,6 +4,9 @@

 Changes between 0.9.8r and 0.9.8s [xx XXX xxxx]

  *) Stop policy check failure freeing same buffer twice. (CVE-2011-4109)
     [Ben Laurie, Kasper <ekasper@google.com>]

  *) Clear bytes used for block padding of SSL 3.0 records.
     (CVE-2011-4576)
     [Adam Langley (Google)]
+6 −4
@@ -70,8 +70,6 @@ static int ref_cmp(const X509_POLICY_REF * const *a,

static void policy_map_free(X509_POLICY_REF *map)
	{
	if (map->subjectDomainPolicy)
		ASN1_OBJECT_free(map->subjectDomainPolicy);
	OPENSSL_free(map);
	}

@@ -95,6 +93,7 @@ int policy_cache_set_mapping(X509 *x, POLICY_MAPPINGS *maps)
	{
	POLICY_MAPPING *map;
	X509_POLICY_REF *ref = NULL;
	ASN1_OBJECT *subjectDomainPolicyRef;
	X509_POLICY_DATA *data;
	X509_POLICY_CACHE *cache = x->policy_cache;
	int i;
@@ -153,13 +152,16 @@ int policy_cache_set_mapping(X509 *x, POLICY_MAPPINGS *maps)
		if (!sk_ASN1_OBJECT_push(data->expected_policy_set, 
						map->subjectDomainPolicy))
			goto bad_mapping;
                /* map->subjectDomainPolicy will be freed when
                 * cache->data is freed. Set it to NULL to avoid double-free. */
                subjectDomainPolicyRef = map->subjectDomainPolicy;
                map->subjectDomainPolicy = NULL;
		
		ref = OPENSSL_malloc(sizeof(X509_POLICY_REF));
		if (!ref)
			goto bad_mapping;

		ref->subjectDomainPolicy = map->subjectDomainPolicy;
		map->subjectDomainPolicy = NULL;
		ref->subjectDomainPolicy = subjectDomainPolicyRef;
		ref->data = data;

		if (!sk_X509_POLICY_REF_push(cache->maps, ref))
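Review bot: After the new `subjectDomainPolicyRef = map->subjectDomainPolicy; map->subjectDomainPolicy = NULL;` lines, `ref->subjectDomainPolicy = subjectDomainPolicyRef;` makes the ref point at the same ASN1_OBJECT that was just pushed onto `data->expected_policy_set`, so whatever frees the ref must not free that object as well; the two lines dropped from policy_map_free in the first hunk look like the `ASN1_OBJECT_free` pair, but the rendered page has lost the +/- markers, so that should be confirmed against the raw patch. The aliasing is the whole point of the fix and deserves a comment at the assignment, e.g. `ref->subjectDomainPolicy = subjectDomainPolicyRef; /* aliases the entry in data->expected_policy_set; ref does not own it */`. The added comment and assignments are indented with spaces where the surrounding code uses tabs (the added comment in the pcy_tree.c hunk has the same problem); match the file's tab indentation. policy_cache_set_mapping continues outside the hunk.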
+4 −1
@@ -612,6 +612,10 @@ int X509_policy_check(X509_POLICY_TREE **ptree, int *pexplicit_policy,
		case 2:
		return 1;

                /* Some internal error */
		case -1:
		return -1;

		/* Some internal error */
		case 0:
		return 0;
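Review bot: The comment added above the new `case -1:` repeats the existing `/* Some internal error */` above `case 0:` word for word, so a reader cannot tell what distinguishes the two tree_init outcomes or why one is propagated as -1 and the other as 0. Give each case its own comment, e.g. `/* tree_init reported an internal error: propagate -1 to the caller */` on the new case, and reword the `case 0` comment to name the condition it actually covers; from this page alone it is not clear whether tree_init returns 0 for anything other than an internal error, so confirm against tree_init before wording it. The switch is inside X509_policy_check, which begins and ends outside this hunk.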
@@ -691,4 +695,3 @@ int X509_policy_check(X509_POLICY_TREE **ptree, int *pexplicit_policy,
	return 0;

	}