git.ipfire.org Git - thirdparty/openssl.git/commit

author	Richard Levitte <levitte@openssl.org>
	Mon, 15 Apr 2019 11:15:55 +0000 (13:15 +0200)
committer	Richard Levitte <levitte@openssl.org>
	Thu, 18 Apr 2019 17:20:55 +0000 (19:20 +0200)
commit	4f29f3a29b8b416a501c7166dbbca5284b198f81
tree	60c6f96bae0b6a720e07d32046ec91dec3b8dda9	tree \| snapshot
parent	87d9955e8cd2f1a2aa7f3a3e1da6c3c828070da1	commit \| diff

asn1parse: avoid double free

|str| was used for multiple conflicting purposes.  When using
'-strictpem', it's used to uniquely hold a reference to the loaded
payload.  However, when using '-strparse', |str| was re-used to hold
the position from where to start parsing.

So when '-strparse' and '-strictpem' are were together, |str| ended up
pointing into data pointed at by |at|, and was yet being freed, with
the result that the payload it held a reference to became a memory
leak, and there was a double free conflict when both |str| and |at|
were being freed.

The situation is resolved by always having |buf| hold the pointer to
the file data, and always and only use |str| to hold the position to
start parsing from.  Now, we only need to free |buf| properly and not
|str|.

Fixes #8752

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/8753)