Fix leak or double free with OCSP_request_add0_id() - wireguard-openbsd - WireGuard implementation for the OpenBSD kernel

diff options

author	tb <tb@openbsd.org>	2020-10-09 17:19:35 +0000
committer	tb <tb@openbsd.org>	2020-10-09 17:19:35 +0000
commit	c3f9ca11ad0bc2cb20fa9ee528767c6dcda24323 (patch)
tree	e68ff65aac7e331e88bfd18df45621c32ba33bed /lib/libssl/ssl_methods.c
parent	Correct error returns, do not print eror message to stdout (there (diff)
download	wireguard-openbsd-c3f9ca11ad0bc2cb20fa9ee528767c6dcda24323.tar.xz wireguard-openbsd-c3f9ca11ad0bc2cb20fa9ee528767c6dcda24323.zip

Fix leak or double free with OCSP_request_add0_id()

On success, OCSP_request_add0_id() transfers ownership of cid to either 'one' or 'req' depending on whether the latter is NULL or not. On failure, the caller can't tell whether OCSP_ONEREQ_new() failed (in which case cid needs to be freed) or whether it was a failure to allocate memory in sk_insert() (in which case cid must not be freed). The caller is thus faced with the choice of leaving either a leak or a potential double free. Fix this by transferring ownership only at the end of the function. Found while reviewing an upcoming diff by beck. ok jsing

Diffstat (limited to 'lib/libssl/ssl_methods.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: