Skip to content
Snippets Groups Projects
Commit 837e1b68 authored by Bodo Möller's avatar Bodo Möller
Browse files

Fix memory leak on bad inputs.

parent ae53b299
No related branches found
No related tags found
No related merge requests found
......@@ -418,6 +418,9 @@
Changes between 1.0.0d and 1.0.0e [xx XXX xxxx]
*) Fix x509_name_ex_d2i memory leak on bad inputs.
[Bodo Moeller]
*) Remove hard coded ecdsaWithSHA1 signature tests in ssl code and check
signature public key algorithm by using OID xref utilities instead.
Before this you could only use some ECC ciphersuites with SHA1 only.
......@@ -1312,6 +1315,9 @@
Changes between 0.9.8r and 0.9.8s [xx XXX xxxx]
*) Fix x509_name_ex_d2i memory leak on bad inputs.
[Bodo Moeller]
*) Add protection against ECDSA timing attacks as mentioned in the paper
by Billy Bob Brumley and Nicola Tuveri, see:
......
......@@ -214,7 +214,9 @@ static int x509_name_ex_d2i(ASN1_VALUE **val,
*val = nm.a;
*in = p;
return ret;
err:
err:
if (nm.x != NULL)
X509_NAME_free(nm.x);
ASN1err(ASN1_F_X509_NAME_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
return 0;
}
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment