Commit 73ccf3ca authored by Rob Percival's avatar Rob Percival
Browse files

Pass a temporary pointer to o2i_SCT_signature from SCT_new_from_base64 



Otherwise, |dec| gets moved past the end of the signature by
o2i_SCT_signature and then can't be correctly freed afterwards.

Reviewed-by: default avatarTim Hudson <tjh@openssl.org>
Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1548)
parent 70a06fc1

crypto/ct/ct_b64.c

+4 −1
Original line number Diff line number Diff line
@@ -64,6 +64,7 @@ SCT *SCT_new_from_base64(unsigned char version, const char *logid_base64, 
{

    SCT *sct = SCT_new();

    unsigned char *dec = NULL;

    const unsigned char* p = NULL;

    int declen;



    if (sct == NULL) {
@@ -102,7 +103,9 @@ SCT *SCT_new_from_base64(unsigned char version, const char *logid_base64, 
        CTerr(CT_F_SCT_NEW_FROM_BASE64, X509_R_BASE64_DECODE_ERROR);

        goto err;

    }

    if (o2i_SCT_signature(sct, (const unsigned char **)&dec, declen) <= 0)



    p = dec;

    if (o2i_SCT_signature(sct, &p, declen) <= 0)

        goto err;

    OPENSSL_free(dec);

    dec = NULL;