aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJouni Malinen <jouni@qca.qualcomm.com>2016-02-16 16:30:55 (GMT)
committerJouni Malinen <j@w1.fi>2016-02-16 16:30:55 (GMT)
commit3a583e0023e3390e149d74e0c45ef917a6cf6909 (patch)
tree361c62a0cc9e29042d0c36b3b7352fed012a1df6
parentddd0032e0320b78e34244f20e6fdf73d89bf00c8 (diff)
downloadhostap-3a583e0023e3390e149d74e0c45ef917a6cf6909.zip
hostap-3a583e0023e3390e149d74e0c45ef917a6cf6909.tar.gz
hostap-3a583e0023e3390e149d74e0c45ef917a6cf6909.tar.bz2
OpenSSL: Fix PKCS#12 parsing of extra certificates with OpenSSL 1.0.1
Commit 8bcf8de827e841a35841034edd6f8281a7a3aeba ('OpenSSL: Fix memory leak in PKCS12 additional certificate parsing') tried to fix a memory leak in both the 1.0.2(and newer) and 1.0.1 branches of PKCS12 parsing. However, the 1.0.1 case was not properly tested and freeing of the certificate after a successful SSL_CTX_add_extra_chain_cert() call resulted in use of freed memory when going through the TLS handshake. Fix this by not freeing the certificate in that specific case. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
-rw-r--r--src/crypto/tls_openssl.c1
1 files changed, 0 insertions, 1 deletions
diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
index b23c219..ebcc545 100644
--- a/src/crypto/tls_openssl.c
+++ b/src/crypto/tls_openssl.c
@@ -2538,7 +2538,6 @@ static int tls_parse_pkcs12(struct tls_data *data, SSL *ssl, PKCS12 *p12,
res = -1;
break;
}
- X509_free(cert);
}
sk_X509_pop_free(certs, X509_free);
#endif /* OPENSSL_VERSION_NUMBER >= 0x10002000L */