Projects
openEuler:Mainline
compat-openssl11
_service:tar_scm:backport-CVE-2022-4450-Avoid-d...
Sign Up
Log In
Username
Password
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File _service:tar_scm:backport-CVE-2022-4450-Avoid-dangling-ptrs-in-header-and-data-params-for-PE.patch of Package compat-openssl11
From bbcf509bd046b34cca19c766bbddc31683d0858b Mon Sep 17 00:00:00 2001 From: Matt Caswell <matt@openssl.org> Date: Tue, 13 Dec 2022 14:54:55 +0000 Subject: [PATCH] Avoid dangling ptrs in header and data params for PEM_read_bio_ex In the event of a failure in PEM_read_bio_ex() we free the buffers we allocated for the header and data buffers. However we were not clearing the ptrs stored in *header and *data. Since, on success, the caller is responsible for freeing these ptrs this can potentially lead to a double free if the caller frees them even on failure. Thanks to Dawei Wang for reporting this issue. Based on a proposed patch by Kurt Roeckx. CVE-2022-4450 Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> --- crypto/pem/pem_lib.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/crypto/pem/pem_lib.c b/crypto/pem/pem_lib.c index d416d939ea..328c30cdbb 100644 --- a/crypto/pem/pem_lib.c +++ b/crypto/pem/pem_lib.c @@ -957,7 +957,9 @@ int PEM_read_bio_ex(BIO *bp, char **name_out, char **header, *data = pem_malloc(len, flags); if (*header == NULL || *data == NULL) { pem_free(*header, flags, 0); + *header = NULL; pem_free(*data, flags, 0); + *data = NULL; goto end; } BIO_read(headerB, *header, headerlen); -- 2.17.1
Locations
Projects
Search
Status Monitor
Help
Open Build Service
OBS Manuals
API Documentation
OBS Portal
Reporting a Bug
Contact
Mailing List
Forums
Chat (IRC)
Twitter
Open Build Service (OBS)
is an
openSUSE project
.
浙ICP备2022010568号-2