From 6c26267b07f77f8a14af7091af01b8dd0bb56b1c Mon Sep 17 00:00:00 2001 From: Tobias Brunner Date: Tue, 26 Jan 2021 19:33:24 +0100 Subject: [PATCH] openssl: Fix potential crash with ECDH on Windows Apparently, we should use OPENSSL_free() to release memory allocated by OpenSSL. While it generally maps to free() that's apparently not the case on Windows, where the ECP test vectors caused `ACCESS_VIOLATION exception` crashes (not always the same vector). Fixes: 74e02ff5e624 ("openssl: Mainly use EVP interface for ECDH") --- src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c b/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c index 180eb0ab29..53691205df 100644 --- a/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c +++ b/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c @@ -246,7 +246,7 @@ METHOD(diffie_hellman_t, get_my_public_value, bool, if (pub.len != 0) { *value = chunk_clone(chunk_skip(pub, 1)); - chunk_free(&pub); + OPENSSL_free(pub.ptr); return value->len != 0; } return FALSE; -- 2.47.2