Avoid dangling ptrs in header and data params for PEM_read_bio_ex
In the event of a failure in PEM_read_bio_ex() we free the buffers we allocated for the header and data buffers. However we were not clearing the ptrs stored in *header and *data. Since, on success, the caller is responsible for freeing these ptrs this can potentially lead to a double free if the caller frees them even on failure.

Thanks to Dawei Wang for reporting this issue.

Based on a proposed patch by Kurt Roeckx.

CVE-2022-4450

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Signed-off-by: code4lala <fengziteng2@huawei.com>
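The failure mode described in the commit message, as an added example that is not part of the commit or of OpenSSL's code. `read_record`, `load_and_cleanup` and the toy slot allocator are hypothetical stand-ins; the allocator counts a second release of a buffer instead of corrupting a real heap.

```c
#include <stdio.h>
#include <string.h>

/* Toy slot allocator (constructed): a repeated release is counted, not executed. */
static char slots[4][32];
static int live[4], double_frees;

static char *slot_alloc(void) {
    for (int i = 0; i < 4; i++)
        if (!live[i]) { live[i] = 1; return slots[i]; }
    return NULL;
}

static void slot_free(char *p) {            /* NULL is a no-op, like free(NULL) */
    for (int i = 0; p != NULL && i < 4; i++)
        if (p == slots[i]) { if (live[i]) live[i] = 0; else double_frees++; }
}

/* Hypothetical reader with caller-owned out-params; returns 1 on success.
   clear_on_error = 0 models the behaviour before the fix, 1 the behaviour after. */
static int read_record(const char *in, int clear_on_error, char **header, char **data) {
    const char *sep = in ? strchr(in, ':') : NULL;
    *header = slot_alloc();
    *data = slot_alloc();
    if (*header == NULL || *data == NULL || sep == NULL || strlen(in) > 31)
        goto err;                           /* failure after allocation */
    memcpy(*header, in, (size_t)(sep - in));
    (*header)[sep - in] = '\0';
    strcpy(*data, sep + 1);
    return 1;
err:
    slot_free(*header);
    slot_free(*data);
    if (clear_on_error) { *header = NULL; *data = NULL; }   /* the fix */
    return 0;
}

/* Caller that frees both out-params even on failure; returns double frees caused. */
static int load_and_cleanup(const char *in, int clear_on_error) {
    char *header = NULL, *data = NULL;
    int before = double_frees;
    (void)read_record(in, clear_on_error, &header, &data);
    slot_free(header);
    slot_free(data);
    return double_frees - before;
}

int main(void) {
    printf("double frees before fix: %d\n", load_and_cleanup("no separator", 0));
    printf("double frees after fix:  %d\n", load_and_cleanup("no separator", 1));
    return 0;
}
```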