]> git.ipfire.org Git - thirdparty/openssl.git/commitdiff
projects / thirdparty / openssl.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 8ceae5a)
Set *sk_resp to NULL when freeing.
authorNeil Horman <nhorman@openssl.org>
Sat, 26 Jul 2025 13:28:01 +0000 (09:28 -0400)
committerNeil Horman <nhorman@openssl.org>
Tue, 29 Jul 2025 17:40:57 +0000 (13:40 -0400)
Its possible for get_ocsp_resp_from_responder to return OK after having
freed *sk_resp without setting the freed pointer to NULL, leading us to
set a garbage pointer in other code.

Ensure that we set it to NULL after freeing

Addresses https://scan5.scan.coverity.com/#/project-view/60762/10222?selectedIssue=1659225

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28101)

apps/s_server.c patch | blob | blame | history

diff --git a/apps/s_server.c b/apps/s_server.c
index c09395c69b231fb27289f06e35e159aaf9945c15..0360bfccdf0c821488f131567c294a022aa1f7a3 100644 (file)
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -755,8 +755,10 @@ static int get_ocsp_resp_from_responder(SSL *s, tlsextstatusctx *srctx,
     STACK_OF(X509) *server_certs = NULL;
     OCSP_RESPONSE *resp = NULL;
 
-    if (*sk_resp != NULL)
+    if (*sk_resp != NULL) {
         sk_OCSP_RESPONSE_pop_free(*sk_resp, OCSP_RESPONSE_free);
+        *sk_resp = NULL;
+    }
 
     SSL_get0_chain_certs(s, &server_certs);
     /*
Mirror of https://github.com/openssl/openssl.git