Commit 6c88c71b authored by Dr. Stephen Henson's avatar Dr. Stephen Henson
Browse files

Fix double free in DSA private key parsing. 



Fix double free bug when parsing malformed DSA private keys.

Thanks to Adam Langley (Google/BoringSSL) for discovering this bug using
libFuzzer.

CVE-2016-0705

Reviewed-by: default avatarEmilia Käsper <emilia@openssl.org>
parent c575ceff

crypto/dsa/dsa_ameth.c

+10 −10
Original line number Diff line number Diff line
@@ -191,6 +191,8 @@ static int dsa_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8) 
    STACK_OF(ASN1_TYPE) *ndsa = NULL;

    DSA *dsa = NULL;



    int ret = 0;



    if (!PKCS8_pkey_get0(NULL, &p, &pklen, &palg, p8))

        return 0;

    X509_ALGOR_get0(NULL, &ptype, &pval, palg);
@@ -262,23 +264,21 @@ static int dsa_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8) 
    }



    EVP_PKEY_assign_DSA(pkey, dsa);

    BN_CTX_free(ctx);

    if (ndsa)

        sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);

    else

        ASN1_STRING_clear_free(privkey);



    return 1;

    ret = 1;

    goto done;



 decerr:

    DSAerr(DSA_F_DSA_PRIV_DECODE, DSA_R_DECODE_ERROR);

 dsaerr:

    DSA_free(dsa);

 done:

    BN_CTX_free(ctx);

    if (privkey)

        ASN1_STRING_clear_free(privkey);

    if (ndsa)

        sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);

    DSA_free(dsa);

    return 0;

    else

        ASN1_STRING_clear_free(privkey);

    return ret;

}



static int dsa_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey)