Permalink
Browse files

Fix a failure to NULL a pointer freed on error.

Inspired by BoringSSL commit 517073cd4b by Eric Roman <eroman@chromium.org>

CVE-2015-0209

Reviewed-by: Emilia Käsper <emilia@openssl.org>
  • Loading branch information...
mattcaswell committed Feb 9, 2015
1 parent 71ea6b4 commit 9e442d485008046933cdc7da65080f436a4af089
Showing with 3 additions and 3 deletions.
  1. +3 −3 crypto/ec/ec_asn1.c
@@ -1033,8 +1033,6 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len)
ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_MALLOC_FAILURE);
goto err;
}
if (a)
*a = ret;
} else
ret = *a;

@@ -1102,10 +1100,12 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len)
ret->enc_flag |= EC_PKEY_NO_PUBKEY;
}

if (a)
*a = ret;
ok = 1;
err:
if (!ok) {
if (ret)
if (ret && (a == NULL || *a != ret))
EC_KEY_free(ret);
ret = NULL;
}

0 comments on commit 9e442d4

Please sign in to comment.