diff options
| author | Arne Schwabe | 2023-06-01 11:57:21 +0200 |
|---|---|---|
| committer | Gert Doering | 2023-06-03 10:02:54 +0200 |
| commit | 205c66bd0ed2661c47b9fe7317089fbb09cc7aa4 (patch) | |
| tree | aeeaafab445534dc59f141cd2e9bf7d81d64c3eb | |
| parent | cfcc20ff2bf184edb06e2d918d697f0ef81a0e82 (diff) | |
| download | openvpn-205c66bd0ed2661c47b9fe7317089fbb09cc7aa4.zip openvpn-205c66bd0ed2661c47b9fe7317089fbb09cc7aa4.tar.gz | |
Fix use-after-free with EVP_CIPHER_free
In many scenarios the context will still have a reference to the cipher, so
this use-after-free does not explode but it is still wrong.
Change-Id: I59002d6613eaef36d5a47b20b56073e399cfa1df
Signed-off-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: Antonio Quartulli <a@unstable.cc>
Message-Id: <20230601095721.4065834-1-arne@rfc2549.org>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg26735.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
(cherry picked from commit 13f5e615310ea64ab69f521e622a10f2d0ad3f4e)
| -rw-r--r-- | src/openvpn/crypto_openssl.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/openvpn/crypto_openssl.c b/src/openvpn/crypto_openssl.c index c2ac80b..f5372f8 100644 --- a/src/openvpn/crypto_openssl.c +++ b/src/openvpn/crypto_openssl.c @@ -839,9 +839,9 @@ cipher_ctx_init(EVP_CIPHER_CTX *ctx, const uint8_t *key, crypto_msg(M_FATAL, "EVP cipher init #2"); } - EVP_CIPHER_free(kt); /* make sure we used a big enough key */ ASSERT(EVP_CIPHER_CTX_key_length(ctx) <= EVP_CIPHER_key_length(kt)); + EVP_CIPHER_free(kt); } int |