Search
j0ke.net Open Build Service
>
Projects
>
home:netmax
:
monitoring
>
openssl1
> openssl-CVE-2015-0209.patch
Sign Up
|
Log In
Username
Password
Cancel
Overview
Repositories
Revisions
Requests
Users
Advanced
Attributes
Meta
File openssl-CVE-2015-0209.patch of Package openssl1
commit 89117535f1bb3ea72a17933b703271587d7aaf0b Author: Matt Caswell <matt@openssl.org> Date: Mon Feb 9 11:38:41 2015 +0000 Fix a failure to NULL a pointer freed on error. Inspired by BoringSSL commit 517073cd4b by Eric Roman <eroman@chromium.org> CVE-2015-0209 Reviewed-by: Emilia Käsper <emilia@openssl.org> Index: openssl-1.0.1i/crypto/ec/ec_asn1.c =================================================================== --- openssl-1.0.1i.orig/crypto/ec/ec_asn1.c 2015-03-17 13:10:10.956899710 +0100 +++ openssl-1.0.1i/crypto/ec/ec_asn1.c 2015-03-17 13:14:06.422351709 +0100 @@ -1142,8 +1142,6 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, con ERR_R_MALLOC_FAILURE); goto err; } - if (a) - *a = ret; } else ret = *a; @@ -1208,11 +1206,13 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, con } } + if (a) + *a = ret; ok = 1; err: if (!ok) { - if (ret) + if (ret && (a == NULL || *a != ret)) EC_KEY_free(ret); ret = NULL; }