Skip to content

T
Third Party Openssl

OpenHarmony / Third Party Openssl
接近 2 年 前同步成功

通知 12
Star 18
Fork 1
T
Third Party Openssl
提交 4379d5ce 编写于 作者: T Todd Short 提交者: Matt Caswell
浏览文件
操作

Fix ssl_cert_set0_chain invalid pointer 

When setting the certificate chain, if a certificate doesn't pass
security checks, then chain may point to a freed STACK_OF(X509)
Reviewed-by: NRich Salz <rsalz@openssl.org>
Reviewed-by: NMatt Caswell <matt@openssl.org>
上级 230c691a
隐藏空白更改
内联 并排
Showing with 1 addition and 1 deletion
ssl/ssl_cert.c
浏览文件 @ 4379d5ce
...@@ -267,7 +267,6 @@ int ssl_cert_set0_chain(SSL *s, SSL_CTX *ctx, STACK_OF(X509) *chain) ...@@ -267,7 +267,6 @@ int ssl_cert_set0_chain(SSL *s, SSL_CTX *ctx, STACK_OF(X509) *chain)
CERT_PKEY *cpk = s ? s->cert->key : ctx->cert->key; CERT_PKEY *cpk = s ? s->cert->key : ctx->cert->key;
if (!cpk) if (!cpk)
return 0; return 0;
sk_X509_pop_free(cpk->chain, X509_free);
for (i = 0; i < sk_X509_num(chain); i++) { for (i = 0; i < sk_X509_num(chain); i++) {
r = ssl_security_cert(s, ctx, sk_X509_value(chain, i), 0, 0); r = ssl_security_cert(s, ctx, sk_X509_value(chain, i), 0, 0);
if (r != 1) { if (r != 1) {
...@@ -275,6 +274,7 @@ int ssl_cert_set0_chain(SSL *s, SSL_CTX *ctx, STACK_OF(X509) *chain) ...@@ -275,6 +274,7 @@ int ssl_cert_set0_chain(SSL *s, SSL_CTX *ctx, STACK_OF(X509) *chain)
return 0; return 0;
} }
} }
sk_X509_pop_free(cpk->chain, X509_free);
cpk->chain = chain; cpk->chain = chain;
return 1; return 1;
} }
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册