Pass a temporary pointer to o2i_SCT_signature from SCT_new_from_base64

Otherwise, |dec| gets moved past the end of the signature by o2i_SCT_signature and then can't be correctly freed afterwards. Reviewed-by: N Tim Hudson <tjh@openssl.org> Reviewed-by: N Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1548)

Pass a temporary pointer to o2i_SCT_signature from SCT_new_from_base64
Otherwise, |dec| gets moved past the end of the signature by o2i_SCT_signature and then can't be correctly freed afterwards. Reviewed-by: N Tim Hudson <tjh@openssl.org> Reviewed-by: N Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1548)
73ccf3ca · Rob Percival · 70a06fc1 · 73ccf3ca
隐藏空白更改
内联并排

Showing with 4 addition and 1 deletion

crypto/ct/ct_b64.c crypto/ct/ct_b64.c +4 -1

未找到文件。
--- a/crypto/ct/ct_b64.c
+++ b/crypto/ct/ct_b64.c
@@ -64,6 +64,7 @@ SCT *SCT_new_from_base64(unsigned char version, const char *logid_base64,
 {
    SCT *sct = SCT_new();
    unsigned char *dec = NULL;
+    const unsigned char* p = NULL;
    int declen;

    if (sct == NULL) {
@@ -102,7 +103,9 @@ SCT *SCT_new_from_base64(unsigned char version, const char *logid_base64,
        CTerr(CT_F_SCT_NEW_FROM_BASE64, X509_R_BASE64_DECODE_ERROR);
        goto err;
    }
-    if (o2i_SCT_signature(sct, (const unsigned char **)&dec, declen) <= 0)
+
+    p = dec;
+    if (o2i_SCT_signature(sct, &p, declen) <= 0)
        goto err;
    OPENSSL_free(dec);
    dec = NULL;