diff options
| author |   miod <miod@openbsd.org> | 2014-07-10 21:40:59 +0000 |
|---|---|---|
| committer | miod <miod@openbsd.org> | 2014-07-10 21:40:59 +0000 |
| commit | 4134f72ade8d15413361849f46755fc7e11435fd (patch) | |
| tree | c5d783e1d51bc0c8ee313a885e612a0c80d0ca45 /lib/libssl | |
| parent | remove unused variable from ssl3_get_client_hello (diff) | |
| download | wireguard-openbsd-4134f72ade8d15413361849f46755fc7e11435fd.tar.xz wireguard-openbsd-4134f72ade8d15413361849f46755fc7e11435fd.zip | |
Fix a double free in a can't-fail error path in PKCS7_decrypt(), by removing
the error path altogether and simplifying the local variables as a result.
joint work with jsing@; ok jsing@ tedu@
Diffstat (limited to 'lib/libssl')
| -rw-r--r-- | lib/libssl/src/crypto/pkcs7/pk7_smime.c | 16 |
1 files changed, 6 insertions, 10 deletions
diff --git a/lib/libssl/src/crypto/pkcs7/pk7_smime.c b/lib/libssl/src/crypto/pkcs7/pk7_smime.c index 5d174f76444..01734bdd1be 100644 --- a/lib/libssl/src/crypto/pkcs7/pk7_smime.c +++ b/lib/libssl/src/crypto/pkcs7/pk7_smime.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pk7_smime.c,v 1.15 2014/06/29 17:05:36 jsing Exp $ */ +/* $OpenBSD: pk7_smime.c,v 1.16 2014/07/10 21:40:59 miod Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project. */ @@ -551,25 +551,21 @@ PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags) } if (flags & PKCS7_TEXT) { - BIO *tmpbuf, *bread; + BIO *tmpbuf; + /* Encrypt BIOs can't do BIO_gets() so add a buffer BIO */ if (!(tmpbuf = BIO_new(BIO_f_buffer()))) { PKCS7err(PKCS7_F_PKCS7_DECRYPT, ERR_R_MALLOC_FAILURE); BIO_free_all(tmpmem); return 0; } - if (!(bread = BIO_push(tmpbuf, tmpmem))) { - PKCS7err(PKCS7_F_PKCS7_DECRYPT, ERR_R_MALLOC_FAILURE); - BIO_free_all(tmpbuf); - BIO_free_all(tmpmem); - return 0; - } - ret = SMIME_text(bread, data); + BIO_push(tmpbuf, tmpmem); + ret = SMIME_text(tmpbuf, data); if (ret > 0 && BIO_method_type(tmpmem) == BIO_TYPE_CIPHER) { if (!BIO_get_cipher_status(tmpmem)) ret = 0; } - BIO_free_all(bread); + BIO_free_all(tmpbuf); return ret; } else { for (;;) { |