From: Tobias Brunner <tobias@strongswan.org>
Date: Wed, 2 Nov 2011 16:00:27 +0000 (+0100)
Subject: pkcs11: Invalid free fixed in DH/ECDH implementation.
X-Git-Tag: 4.6.0~36
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=43cd036a771c5a3ca120dd15e553c06ce8321e04;p=thirdparty%2Fstrongswan.git

pkcs11: Invalid free fixed in DH/ECDH implementation.
---

diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_dh.c b/src/libstrongswan/plugins/pkcs11/pkcs11_dh.c
index f3fc0303dc..e48f7dcfe5 100644
--- a/src/libstrongswan/plugins/pkcs11/pkcs11_dh.c
+++ b/src/libstrongswan/plugins/pkcs11/pkcs11_dh.c
@@ -249,6 +249,7 @@ static bool generate_key_pair_ecp(private_pkcs11_dh_t *this,
 	CK_ATTRIBUTE pri_attr[] = {
 		{ CKA_DERIVE, &ck_true, sizeof(ck_true) },
 	};
+	chunk_t pub_key;
 	if (!generate_key_pair(this, pub_attr, countof(pub_attr), pri_attr,
 						   countof(pri_attr), CKA_EC_POINT))
 	{
@@ -260,7 +261,9 @@ static bool generate_key_pair_ecp(private_pkcs11_dh_t *this,
 		chunk_clear(&this->pub_key);
 		return FALSE;
 	}
-	this->pub_key = chunk_skip(this->pub_key, 1);
+	pub_key = chunk_clone(chunk_skip(this->pub_key, 1));
+	chunk_clear(&this->pub_key);
+	this->pub_key = pub_key;
 	return TRUE;
 }