]> git.ipfire.org Git - thirdparty/openssl.git/commitdiff
projects / thirdparty / openssl.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 141ad51)
Avoid doublefree of OCSP_SINGLERESP
authorTomas Mraz <tomas@openssl.org>
Tue, 19 Aug 2025 07:12:37 +0000 (09:12 +0200)
committerTomas Mraz <tomas@openssl.org>
Wed, 20 Aug 2025 12:59:34 +0000 (14:59 +0200)
It is referenced by OCSP_BASICRESP and will be
freed when that is freed.

Issue and a proposed fix reported by Stanislav Fort (Aisle Research).

Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28300)

ssl/ssl_lib.c patch | blob | blame | history

diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index ce95a748c7e787a8247e224999177bf9fff330df..da99fd263125c0b10495410691293d4990c4f8ad 100644 (file)
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -6461,9 +6461,6 @@ static int ct_extract_ocsp_response_scts(SSL_CONNECTION *s)
 
             scts = OCSP_SINGLERESP_get1_ext_d2i(single,
                                                 NID_ct_cert_scts, NULL, NULL);
-
-            OCSP_SINGLERESP_free(single);
-
             if (scts == NULL)  {
                 scts_extracted = -1;
                 goto err;
Mirror of https://github.com/openssl/openssl.git