Skip to content
  1. May 23, 2019
  2. May 22, 2019
  3. May 21, 2019
  4. May 20, 2019
  5. May 16, 2019
  6. May 09, 2019
  7. May 08, 2019
  8. May 07, 2019
  9. May 02, 2019
  10. Apr 30, 2019
  11. Apr 25, 2019
  12. Apr 24, 2019
  13. Apr 23, 2019
  14. Apr 19, 2019
  15. Apr 18, 2019
    • Richard Levitte's avatar
      asn1parse: avoid double free · 18111b13
      Richard Levitte authored
      
      
      |str| was used for multiple conflicting purposes.  When using
      '-strictpem', it's used to uniquely hold a reference to the loaded
      payload.  However, when using '-strparse', |str| was re-used to hold
      the position from where to start parsing.
      
      So when '-strparse' and '-strictpem' are were together, |str| ended up
      pointing into data pointed at by |at|, and was yet being freed, with
      the result that the payload it held a reference to became a memory
      leak, and there was a double free conflict when both |str| and |at|
      were being freed.
      
      The situation is resolved by always having |buf| hold the pointer to
      the file data, and always and only use |str| to hold the position to
      start parsing from.  Now, we only need to free |buf| properly and not
      |str|.
      
      Fixes #8752
      
      Reviewed-by: default avatarMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
      (Merged from https://github.com/openssl/openssl/pull/8753)
      
      (cherry picked from commit 4f29f3a2)
      18111b13
  16. Apr 16, 2019
  17. Apr 15, 2019