Google Git
Sign in
boringssl / boringssl / a84f06fc1eee6ea25ce040675fbad72c532afece
commita84f06fc1eee6ea25ce040675fbad72c532afece[log] [tgz]
authorDoug Hogan <doug@acyclic.org>Sun Feb 01 19:46:09 2015 -0800
committerAdam Langley <agl@google.com>Mon Feb 02 17:01:32 2015 -0800
treed7876c0fd5b90532588b99ff1cfd518562513541
parentd660b57208e433d7d64973d52c3ea06a77ec4b57 [diff]
Move free from cbb_init() to only CBB_init().

CBB_init_fixed() should not call free because it can lead to use after
free or double free bugs.  The caller should be responsible for
creating and destroying the buffer.

In the current code, ssl3_get_v2_client_hello() may free s->init_buf->data
via CBB_init_fixed().  It can also be freed via SSL_free(s) since
ssl3_get_v2_client_hello() doesn't set it to NULL and CBB_init_fixed()
can't set the caller's pointer to NULL.

Change-Id: Ia05a67ae25af7eb4fb04f08f20d50d912b41e38b
1 file changed
tree: d7876c0fd5b90532588b99ff1cfd518562513541
  1. crypto/
  2. doc/
  3. include/
  4. ssl/
  5. tool/
  6. util/
  7. .clang-format
  8. .gitignore
  9. BUILDING
  10. CMakeLists.txt
  11. codereview.settings
  12. STYLE