]> git.ipfire.org Git - thirdparty/openssl.git/commitdiff
projects / thirdparty / openssl.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: c20ede0)
check_cert_crl(): Avoid potential UAF when using the value of current_crl
authorTomas Mraz <tomas@openssl.org>
Thu, 22 Jan 2026 10:23:26 +0000 (11:23 +0100)
committerTomas Mraz <tomas@openssl.org>
Tue, 3 Feb 2026 08:50:50 +0000 (09:50 +0100)
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
MergeDate: Tue Feb  3 08:50:53 2026
(Merged from https://github.com/openssl/openssl/pull/29679)

crypto/x509/x509_vfy.c patch | blob | blame | history

diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index 4b4a319d2e8af68aba3feaa8ec78ab587cc6579f..827a7663aace878c3732e8c14d02a5ee7e069c1c 100644 (file)
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -1392,6 +1392,7 @@ static int check_cert_crl(X509_STORE_CTX *ctx)
                 goto done;
         }
 
+        ctx->current_crl = NULL;
         X509_CRL_free(crl);
         X509_CRL_free(dcrl);
         crl = NULL;
Mirror of https://github.com/openssl/openssl.git