From: Dr. Stephen Henson Date: Tue, 3 May 2016 14:05:31 +0000 (+0100) Subject: Fix double free in d2i_PrivateKey(). X-Git-Url: https://git.openssl.org/?p=openssl.git;a=commitdiff_plain;h=28dab7cfba522603d88ca95aab16b335060b6c3d Fix double free in d2i_PrivateKey(). RT#4527 Reviewed-by: Matt Caswell (cherry picked from commit 3340e8bb186f689df5720352f65a9c0c42b6046b) --- diff --git a/crypto/asn1/d2i_pr.c b/crypto/asn1/d2i_pr.c index d21829a..86dcf5f 100644 --- a/crypto/asn1/d2i_pr.c +++ b/crypto/asn1/d2i_pr.c @@ -97,15 +97,17 @@ EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp, if (!ret->ameth->old_priv_decode || !ret->ameth->old_priv_decode(ret, &p, length)) { if (ret->ameth->priv_decode) { + EVP_PKEY *tmp; PKCS8_PRIV_KEY_INFO *p8 = NULL; p8 = d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, length); if (!p8) goto err; - EVP_PKEY_free(ret); - ret = EVP_PKCS82PKEY(p8); + tmp = EVP_PKCS82PKEY(p8); PKCS8_PRIV_KEY_INFO_free(p8); - if (ret == NULL) + if (tmp == NULL) goto err; + EVP_PKEY_free(ret); + ret = tmp; } else { ASN1err(ASN1_F_D2I_PRIVATEKEY, ERR_R_ASN1_LIB); goto err;