summaryrefslogtreecommitdiff
path: root/openssl0.9.8/patches/CVE-2011-4109.patch
diff options
context:
space:
mode:
Diffstat (limited to 'openssl0.9.8/patches/CVE-2011-4109.patch')
-rw-r--r--openssl0.9.8/patches/CVE-2011-4109.patch60
1 files changed, 60 insertions, 0 deletions
diff --git a/openssl0.9.8/patches/CVE-2011-4109.patch b/openssl0.9.8/patches/CVE-2011-4109.patch
new file mode 100644
index 0000000..b602938
--- /dev/null
+++ b/openssl0.9.8/patches/CVE-2011-4109.patch
@@ -0,0 +1,60 @@
+diff --git a/crypto/x509v3/pcy_map.c b/crypto/x509v3/pcy_map.c
+index f28796e..acd2ede 100644
+--- a/crypto/x509v3/pcy_map.c
++++ b/crypto/x509v3/pcy_map.c
+@@ -70,8 +70,6 @@ static int ref_cmp(const X509_POLICY_REF * const *a,
+
+ static void policy_map_free(X509_POLICY_REF *map)
+ {
+- if (map->subjectDomainPolicy)
+- ASN1_OBJECT_free(map->subjectDomainPolicy);
+ OPENSSL_free(map);
+ }
+
+@@ -95,6 +93,7 @@ int policy_cache_set_mapping(X509 *x, POLICY_MAPPINGS *maps)
+ {
+ POLICY_MAPPING *map;
+ X509_POLICY_REF *ref = NULL;
++ ASN1_OBJECT *subjectDomainPolicyRef;
+ X509_POLICY_DATA *data;
+ X509_POLICY_CACHE *cache = x->policy_cache;
+ int i;
+@@ -153,13 +152,16 @@ int policy_cache_set_mapping(X509 *x, POLICY_MAPPINGS *maps)
+ if (!sk_ASN1_OBJECT_push(data->expected_policy_set,
+ map->subjectDomainPolicy))
+ goto bad_mapping;
++ /* map->subjectDomainPolicy will be freed when
++ * cache->data is freed. Set it to NULL to avoid double-free. */
++ subjectDomainPolicyRef = map->subjectDomainPolicy;
++ map->subjectDomainPolicy = NULL;
+
+ ref = OPENSSL_malloc(sizeof(X509_POLICY_REF));
+ if (!ref)
+ goto bad_mapping;
+
+- ref->subjectDomainPolicy = map->subjectDomainPolicy;
+- map->subjectDomainPolicy = NULL;
++ ref->subjectDomainPolicy = subjectDomainPolicyRef;
+ ref->data = data;
+
+ if (!sk_X509_POLICY_REF_push(cache->maps, ref))
+diff --git a/crypto/x509v3/pcy_tree.c b/crypto/x509v3/pcy_tree.c
+index 89f84bf..92ad0a2 100644
+--- a/crypto/x509v3/pcy_tree.c
++++ b/crypto/x509v3/pcy_tree.c
+@@ -612,6 +612,10 @@ int X509_policy_check(X509_POLICY_TREE **ptree, int *pexplicit_policy,
+ case 2:
+ return 1;
+
++ /* Some internal error */
++ case -1:
++ return -1;
++
+ /* Some internal error */
+ case 0:
+ return 0;
+@@ -691,4 +695,3 @@ int X509_policy_check(X509_POLICY_TREE **ptree, int *pexplicit_policy,
+ return 0;
+
+ }
+-
generated by cgit v1.2.3 (git 2.39.1) at 2024-06-15 21:33:47 +0000