author | David Benjamin <davidben@chromium.org> | 2015-03-19 22:06:48 +0300 |
---|---|---|
committer | Adam Langley <agl@google.com> | 2015-03-19 22:50:32 +0300 |
commit | 4b1510c71ecadeb15e866f17086487a2d9691b48 (patch) | |
tree | 281b217031066a44e664c5ae310748442235654c /crypto/ec/ec_asn1.c | |
parent | 7a8e62dbd9df2ca2ee522fb3072edbfef6aafd11 (diff) |
Fix a failure to NULL a pointer freed on error.
Reported by the LibreSSL project as a follow on to CVE-2015-0209
(Imported from upstream's 5e5d53d341fd9a9b9cc0a58eb3690832ca7a511f.)
Change-Id: Ic2e5dc5c96e316c55f76bedc6ea55b416be3287a
Reviewed-on: https://boringssl-review.googlesource.com/4049
Reviewed-by: Adam Langley <agl@google.com>
Diffstat (limited to 'crypto/ec/ec_asn1.c')
-rw-r--r-- | crypto/ec/ec_asn1.c | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c
index ab523897..87e91e1f 100644
--- a/crypto/ec/ec_asn1.c
+++ b/crypto/ec/ec_asn1.c
@@ -509,18 +509,21 @@ EC_KEY *d2i_ECParameters(EC_KEY **key, const uint8_t **inp, long len) {
 OPENSSL_PUT_ERROR(EC, d2i_ECParameters, ERR_R_MALLOC_FAILURE);
 return NULL;
 }
- if (key) {
- *key = ret;
- }
 } else {
 ret = *key;
 }
 if (!d2i_ECPKParameters(&ret->group, inp, len)) {
 OPENSSL_PUT_ERROR(EC, d2i_ECParameters, ERR_R_EC_LIB);
+ if (key == NULL || *key == NULL) {
+ EC_KEY_free(ret);
+ }
 return NULL;
 }
+ if (key) {
+ *key = ret;
+ }
 return ret;
 } |
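Review bot: The new guard `if (key == NULL || *key == NULL)` in the d2i_ECPKParameters failure path is correct only because `*key` is no longer written before the parse, and nothing in the code records that ownership rule. If a later edit moves `*key = ret;` back above the parse, the freshly allocated key would no longer be freed on error. I would add a comment above the guard such as `/* Free ret only if it was allocated in this call; a caller-supplied *key stays owned by the caller, and *key must not be assigned until parsing succeeds. */`. The start of the function, including the allocation branch, is outside the hunk, so the claim that `ret` is newly allocated exactly when this condition holds is inferred from the `else { ret = *key; }` arm. It is also worth confirming that d2i_ECPKParameters leaves `ret->group` unchanged on failure when a caller-supplied key is reused, since that callee is not visible here.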