projects
/
libdcp.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
| inline |
side by side
(parent:
545e3f5
)
Fix use-after-free in error case.
author
Carl Hetherington
<cth@carlh.net>
Tue, 15 Aug 2023 10:33:33 +0000
(12:33 +0200)
committer
Carl Hetherington
<cth@carlh.net>
Tue, 15 Aug 2023 10:33:33 +0000
(12:33 +0200)
src/certificate_chain.cc
patch
|
blob
|
history
diff --git
a/src/certificate_chain.cc
b/src/certificate_chain.cc
index 51f2ca6814d950214625015444cf331dfc69ed64..449dba89e7a07a0bfda61c4db9a66e1952122f48 100644
(file)
--- a/
src/certificate_chain.cc
+++ b/
src/certificate_chain.cc
@@
-471,16
+471,18
@@
CertificateChain::chain_valid(List const & chain, string* error) const
}
int const v = X509_verify_cert (ctx);
- X509_STORE_CTX_free (ctx);
if (v != 1) {
X509_STORE_free (store);
if (error) {
*error = X509_verify_cert_error_string(X509_STORE_CTX_get_error(ctx));
}
+ X509_STORE_CTX_free(ctx);
return false;
}
+ X509_STORE_CTX_free(ctx);
+
/* I don't know why OpenSSL doesn't check this stuff
in verify_cert, but without these checks the
certificates_validation8 test fails.