mirror of
https://github.com/openssl/openssl.git
synced 2024-11-27 05:21:51 +08:00
Fix potential double free through SRP_user_pwd_set1_ids()
If SRP_user_pwd_set1_ids() fails during one of the duplications, or id is NULL, then the old pointer values are still stored but they are now dangling. Later when SRP_user_pwd_free() is called these are freed again, leading to a double free.

Although there are no such uses in OpenSSL as far as I found, it's still a public API.

CLA: trivial

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25655)
parent
38e8392ba0
commit
792b2c8da2
@ -214,6 +214,8 @@ int SRP_user_pwd_set1_ids(SRP_user_pwd *vinfo, const char *id,
|
||||
{
|
||||
OPENSSL_free(vinfo->id);
|
||||
OPENSSL_free(vinfo->info);
|
||||
vinfo->id = NULL;
|
||||
vinfo->info = NULL;
|
||||
if (id != NULL && NULL == (vinfo->id = OPENSSL_strdup(id)))
|
||||
return 0;
|
||||
return (info == NULL || NULL != (vinfo->info = OPENSSL_strdup(info)));
|
||||
|
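Review bot: A failure of the second OPENSSL_strdup() (the info duplication in the final return) still leaves vinfo half-updated after the two new NULL assignments: vinfo->id already holds the new copy, vinfo->info is NULL, and both old values have been freed, so a caller that sees 0 cannot tell which fields changed. The resets do remove the dangling pointers, so SRP_user_pwd_free() is safe afterwards, but the setter is not all-or-nothing. Consider duplicating id and info into local temporaries first, returning 0 (and freeing the temporaries) if either duplication fails, and only then freeing the old members and assigning the new ones, so a failed call leaves the object unchanged. If the current behaviour is kept, the documentation for this public function should state that passing NULL for id or info clears that field and that a failed call may leave either field NULL. The visible hunk also has no regression test; one that calls the function with a NULL id and then SRP_user_pwd_free() would cover the NULL-id path described in the commit message.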