From: Greg Hudson <ghudson@mit.edu>
Date: Thu, 23 Mar 2017 17:42:55 +0000 (-0400)
Subject: Correct error handling bug in prior commit
X-Git-Tag: krb5-1.16-beta1~127
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7fdaef7c3280c86b5df25ae061fb04cc56d8620c;p=thirdparty%2Fkrb5.git

Correct error handling bug in prior commit

In crypto_encode_der_cert(), if the second i2d_X509() invocation
fails, make sure to free the allocated pointer and not the
possibly-modified alias.

ticket: 8561
---

diff --git a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
index a1ba9118d0..be4fc47b15 100644
--- a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
+++ b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
@@ -6114,10 +6114,10 @@ crypto_encode_der_cert(krb5_context context, pkinit_req_crypto_context reqctx,
     if (len <= 0)
         return EINVAL;
     p = der = malloc(len);
-    if (p == NULL)
+    if (der == NULL)
         return ENOMEM;
     if (i2d_X509(reqctx->received_cert, &p) <= 0) {
-        free(p);
+        free(der);
         return EINVAL;
     }
     *der_out = der;