From 3a583e0023e3390e149d74e0c45ef917a6cf6909 Mon Sep 17 00:00:00 2001 From: Jouni Malinen Date: Tue, 16 Feb 2016 18:30:55 +0200 Subject: [PATCH] OpenSSL: Fix PKCS#12 parsing of extra certificates with OpenSSL 1.0.1 Commit 8bcf8de827e841a35841034edd6f8281a7a3aeba ('OpenSSL: Fix memory leak in PKCS12 additional certificate parsing') tried to fix a memory leak in both the 1.0.2(and newer) and 1.0.1 branches of PKCS12 parsing. However, the 1.0.1 case was not properly tested and freeing of the certificate after a successful SSL_CTX_add_extra_chain_cert() call resulted in use of freed memory when going through the TLS handshake. Fix this by not freeing the certificate in that specific case. Signed-off-by: Jouni Malinen --- src/crypto/tls_openssl.c | 1 - 1 file changed, 1 deletion(-) diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c index b23c219e8..ebcc54536 100644 --- a/src/crypto/tls_openssl.c +++ b/src/crypto/tls_openssl.c @@ -2538,7 +2538,6 @@ static int tls_parse_pkcs12(struct tls_data *data, SSL *ssl, PKCS12 *p12, res = -1; break; } - X509_free(cert); } sk_X509_pop_free(certs, X509_free); #endif /* OPENSSL_VERSION_NUMBER >= 0x10002000L */
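Review bot: The deletion of `X509_free(cert);` at the end of the loop body in tls_parse_pkcs12() leaves no trace in the code of why the success path must not free the certificate, which is how the earlier leak fix came to add the free in the first place. A short comment at that spot would help, for example "cert is now owned by the SSL_CTX after a successful SSL_CTX_add_extra_chain_cert(); do not free it here", since OpenSSL releases extra chain certificates itself when the context is destroyed. The failure branch ending in `res = -1; break;` is only partly visible in this hunk, so it is worth confirming in the same pass that the certificate is still released there, because the call did not take ownership in that case. Since the commit message says the 1.0.1 branch was not properly tested, running a handshake with a PKCS#12 file that carries extra certificates under a memory checker on a 1.0.1 build would cover both the use-after-free fixed here and the original leak.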