forked from pool/openssl
42aa3a9eb7
- security update: * CVE-2015-0209 (bnc#919648) - Fix a failure to NULL a pointer freed on error * CVE-2015-0286 (bnc#922496) - Segmentation fault in ASN1_TYPE_cmp * CVE-2015-0287 (bnc#922499) - ASN.1 structure reuse memory corruption * CVE-2015-0288 x509: (bnc#920236) - added missing public key is not NULL check * CVE-2015-0289 (bnc#922500) - PKCS7 NULL pointer dereferences * CVE-2015-0293 (bnc#922488) - Fix reachable assert in SSLv2 servers * added patches: openssl-CVE-2015-0209.patch openssl-CVE-2015-0286.patch openssl-CVE-2015-0287.patch openssl-CVE-2015-0288.patch openssl-CVE-2015-0289.patch openssl-CVE-2015-0293.patch (forwarded request 291606 from vitezslav_cizek) OBS-URL: https://build.opensuse.org/request/show/291607 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssl?expand=0&rev=126
41 lines
1.0 KiB
Diff
41 lines
1.0 KiB
Diff
commit 89117535f1bb3ea72a17933b703271587d7aaf0b
|
|
Author: Matt Caswell <matt@openssl.org>
|
|
Date: Mon Feb 9 11:38:41 2015 +0000
|
|
|
|
Fix a failure to NULL a pointer freed on error.
|
|
|
|
Inspired by BoringSSL commit 517073cd4b by Eric Roman <eroman@chromium.org>
|
|
|
|
CVE-2015-0209
|
|
|
|
Reviewed-by: Emilia Käsper <emilia@openssl.org>
|
|
|
|
Index: openssl-1.0.1k/crypto/ec/ec_asn1.c
|
|
===================================================================
|
|
--- openssl-1.0.1k.orig/crypto/ec/ec_asn1.c 2015-03-19 15:58:22.021039425 +0100
|
|
+++ openssl-1.0.1k/crypto/ec/ec_asn1.c 2015-03-19 15:58:26.431103852 +0100
|
|
@@ -1142,8 +1142,6 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, con
|
|
ERR_R_MALLOC_FAILURE);
|
|
goto err;
|
|
}
|
|
- if (a)
|
|
- *a = ret;
|
|
}
|
|
else
|
|
ret = *a;
|
|
@@ -1225,11 +1223,13 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, con
|
|
ret->enc_flag |= EC_PKEY_NO_PUBKEY;
|
|
}
|
|
|
|
+ if (a)
|
|
+ *a = ret;
|
|
ok = 1;
|
|
err:
|
|
if (!ok)
|
|
{
|
|
- if (ret)
|
|
+ if (ret && (a == NULL || *a != ret))
|
|
EC_KEY_free(ret);
|
|
ret = NULL;
|
|
}
|