Fix use after free in X509.

This change imports upstream's beeb0fa7 and fixes a UAF in X509.
Thankfully, this shouldn't impact Chromium, which doesn't use OpenSSL
for certificate verification.

BUG=489764

Change-Id: I0ce2ec05083f7c588ba5504bb12151437dec593e
Reviewed-on: https://boringssl-review.googlesource.com/4810
Reviewed-by: David Benjamin <davidben@chromium.org>
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/crypto/x509v3/v3_utl.c b/crypto/x509v3/v3_utl.c
index 27a91ff..d79f0de 100644
--- a/crypto/x509v3/v3_utl.c
+++ b/crypto/x509v3/v3_utl.c
@@ -879,9 +879,9 @@
 		if (astrlen < 0)
 			return -1;
 		rv = equal(astr, astrlen, (unsigned char *)b, blen, flags);
-		OPENSSL_free(astr);
 		if (rv > 0 && peername)
 			*peername = BUF_strndup((char *)astr, astrlen);
+		OPENSSL_free(astr);
 		}
 	return rv;
 	}
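Review bot: The result of `BUF_strndup` on the line that assigns `*peername` is not checked, so on allocation failure the function still returns the positive `rv` while `*peername` is NULL. A caller that reads a positive return as "matched and peername populated" could then use a NULL pointer; this is inferred, since the callers are not visible in this hunk. Because the free now follows the copy, bracing the `if` body and adding `if (*peername == NULL) rv = -1;` ahead of `OPENSSL_free(astr);` would report the failure without leaking `astr`. The enclosing function begins outside the hunk, so its documented return contract should be checked before settling on -1.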