File openssl-CVE-2015-0209.patch of Package openssl.11276

Overview Repositories Revisions Requests Users Attributes Meta

File openssl-CVE-2015-0209.patch of Package openssl.11276

commit 89117535f1bb3ea72a17933b703271587d7aaf0b
Author: Matt Caswell <matt@openssl.org>
Date:   Mon Feb 9 11:38:41 2015 +0000

Fix a failure to NULL a pointer freed on error.
    
    Inspired by BoringSSL commit 517073cd4b by Eric Roman <eroman@chromium.org>
    
    CVE-2015-0209
    
    Reviewed-by: Emilia Käsper <emilia@openssl.org>

Index: openssl-1.0.1i/crypto/ec/ec_asn1.c
===================================================================
--- openssl-1.0.1i.orig/crypto/ec/ec_asn1.c	2015-03-17 13:10:10.956899710 +0100
+++ openssl-1.0.1i/crypto/ec/ec_asn1.c	2015-03-17 13:14:06.422351709 +0100
@@ -1142,8 +1142,6 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, con
                                  ERR_R_MALLOC_FAILURE);
 			goto err;
 			}
-		if (a)
-			*a = ret;
 		}
 	else
 		ret = *a;
@@ -1208,11 +1206,13 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, con
 			}
 		}
 
+	if (a)
+		*a = ret;
 	ok = 1;
 err:
 	if (!ok)
 		{
-		if (ret)
+	        if (ret && (a == NULL || *a != ret))
 			EC_KEY_free(ret);
 		ret = NULL;
 		}

Places

File openssl-CVE-2015-0209.patch of Package openssl.11276

Places