authorNick Bofferding <opensource@bofferding.net>2019-04-10 13:05:57 -0500
committerGitHub <noreply@github.com>2019-04-10 13:05:57 -0500
commitf2b28370d0838388f9ea5a8b1e0eba799430ac3f (patch)
tree62ee5b9d309e9b990451fba65f7ce4ae47907a4e
parent017e481a8b58fbcbb303c05ae4e6006131c9a1fc (diff)
Fix double delete bug when using OpenSSL v1.1 or higher
This commit fixes a problem in the verify_signature API: if the OpenSSL version is 1.1 or higher, the call to ECDSA_SIG_set0 assigns memory ownership of R+S to the ECDSA signature, but the function then still frees them before calling ECDSA_SIG_free, leading to an application crash. Now, those frees will be inhibited in that path, and ECDSA_SIG_free will take care of reclaiming the memory instead. Signed-off-by: Nick Bofferding opensource@bofferding.net
-rw-r--r--print-container.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/print-container.c b/print-container.c
index ad347a0..797670c 100644
--- a/print-container.c
+++ b/print-container.c
@@ -454,8 +454,6 @@ static bool verify_signature(const char *moniker, const unsigned char *dgst,
die(EX_SOFTWARE, "%s", "Cannot ECDSA_do_verify");
}
- BN_free(r_bn);
- BN_free(s_bn);
BN_free(key_bn);
EC_KEY_free(ec_key);
@@ -463,6 +461,8 @@ static bool verify_signature(const char *moniker, const unsigned char *dgst,
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
ECDSA_SIG_free(ecdsa_sig);
#else
+ BN_free(r_bn);
+ BN_free(s_bn);
free(ecdsa_sig);
#endif
return status;
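Review bot: The `#if OPENSSL_VERSION_NUMBER >= 0x10100000L` branch at the end of verify_signature now relies on an ownership transfer that happens outside this hunk, and nothing at the free site says so. A comment above `ECDSA_SIG_free(ecdsa_sig);` such as `/* r_bn and s_bn are owned by ecdsa_sig after ECDSA_SIG_set0(); ECDSA_SIG_free() releases them */` would keep a later cleanup from reintroducing the double free. The transfer only happens when ECDSA_SIG_set0 returns 1, so the call site (not visible here) should check that return value; if it can fail without exiting, r_bn and s_bn would leak on this path. An alternative that avoids version-dependent frees is to set `r_bn = s_bn = NULL;` right after a successful set0 and keep the `BN_free` calls unconditional, since BN_free(NULL) is a no-op. The function body starts before the hunk.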