There is a bug in the implementation of d2i_PrivateKey in
crypto/asn1/d2i_pr.c.
If the function is called with *a != NULL and returns NULL, the value of
*a is not changed, but the EVP_PKEY it refers to might have been freed or
not depending on whether line 100 was reached or not. If the caller makes
the wrong guess this can result in a crash due to a double free or in a
memory leak.
Best regards
Harry Reimann
--
Ticket here:
http://rt.openssl.org/Ticket/Display.html?id=4527
Please log in as guest with password guest if prompted
--
openssl-dev mailing list
To unsubscribe:
https://mta.openssl.org/mailman/listinfo/openssl-dev