[BUG] A double free bug in engines/e_loader_attic.c #14915

@Yunlongs

File: engines/e_loader_attic.c
Bug Function: try_decode_PKCS8Encrypted
Version: Git-master(2021-4-18)

Description:
In function try_decode_PKCS8Encrypted, p8 is freed via X509_SIG_free() at line 481.
If function new_EMBEDDED() returns a null pointer at line 483, execution will go to nop8.
In the nop8 branch, p8 is freed again at line 491.

Code Description:

static OSSL_STORE_INFO *try_decode_PKCS8Encrypted()
{
    ...
481:    X509_SIG_free(p8);   // p8 is freed for the first time!

483:    store_info = new_EMBEDDED(PEM_STRING_PKCS8INF, mem);
        if (store_info == NULL) {
            ATTICerr(0, ERR_R_MALLOC_FAILURE);
            goto nop8;
        }

        return store_info;
 nop8:
491:    X509_SIG_free(p8);   // p8 is freed for the second time!
        BUF_MEM_free(mem);
        return NULL;
}
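
Added example, not part of the original report and not OpenSSL code: a small C model of the control flow described above, next to the same flow with the pointer set to NULL after the first release. The struct and the functions sig_free() and new_embedded() are hypothetical stand-ins that count releases instead of calling free().

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed stand-in for X509_SIG: counts releases instead of calling */
/* free(), so a second release is observable without undefined behaviour. */
struct sig { int releases; };

/* Hypothetical stand-in for X509_SIG_free(); NULL is a no-op. */
static void sig_free(struct sig *p) { if (p != NULL) p->releases++; }

/* Hypothetical stand-in for new_EMBEDDED(); returns NULL when fail is set. */
static const char *new_embedded(int fail) { return fail ? NULL : "info"; }

/* Control flow as reported; returns how often the object was released. */
int decode_reported(int fail)
{
    struct sig obj = { 0 };
    struct sig *p8 = &obj;

    sig_free(p8);                    /* first release (line 481) */
    if (new_embedded(fail) == NULL)
        goto nop8;
    return obj.releases;
 nop8:
    sig_free(p8);                    /* second release (line 491) */
    return obj.releases;
}

/* Same flow with the pointer cleared right after the first release. */
int decode_cleared(int fail)
{
    struct sig obj = { 0 };
    struct sig *p8 = &obj;

    sig_free(p8);
    p8 = NULL;                       /* the cleanup label now sees NULL */
    if (new_embedded(fail) == NULL)
        goto nop8;
    return obj.releases;
 nop8:
    sig_free(p8);                    /* no-op on NULL */
    return obj.releases;
}

int main(void)
{
    printf("reported: %d, cleared: %d\n", decode_reported(1), decode_cleared(1));
    return 0;
}
```

On the failure path the reported flow releases the same object twice, while the cleared-pointer flow releases it once.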
