Merge "Fix double-free in DSA code (CVE-2016-0705)"
diff --git a/lib/openssl/crypto/dsa/dsa_ameth.c b/lib/openssl/crypto/dsa/dsa_ameth.c
index 6413aae..af74044 100644
--- a/lib/openssl/crypto/dsa/dsa_ameth.c
+++ b/lib/openssl/crypto/dsa/dsa_ameth.c
@@ -200,6 +200,7 @@
STACK_OF(ASN1_TYPE) *ndsa = NULL;
DSA *dsa = NULL;
+ int ret =0;
if (!PKCS8_pkey_get0(NULL, &p, &pklen, &palg, p8))
return 0;
@@ -281,23 +282,21 @@
}
EVP_PKEY_assign_DSA(pkey, dsa);
+ ret = 1;
+ goto done;
+
+ decerr:
+ DSAerr(DSA_F_DSA_PRIV_DECODE, EVP_R_DECODE_ERROR);
+ dsaerr:
+ DSA_free(dsa);
+ done:
BN_CTX_free (ctx);
if(ndsa)
sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
else
ASN1_INTEGER_free(privkey);
- return 1;
-
- decerr:
- DSAerr(DSA_F_DSA_PRIV_DECODE, EVP_R_DECODE_ERROR);
- dsaerr:
- BN_CTX_free (ctx);
- if (privkey)
- ASN1_INTEGER_free(privkey);
- sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
- DSA_free(dsa);
- return 0;
+ return ret;
}
static int dsa_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey)