diff options
Diffstat (limited to 'use-after-free.patch')
-rw-r--r-- | use-after-free.patch | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/use-after-free.patch b/use-after-free.patch new file mode 100644 index 000000000000..936186dfd7c3 --- /dev/null +++ b/use-after-free.patch @@ -0,0 +1,20 @@ +diff -Naur yubico-piv-tool-2.3.0.org/ykcs11/tests/ykcs11_tests_util.c yubico-piv-tool-2.3.0/ykcs11/tests/ykcs11_tests_util.c +--- yubico-piv-tool-2.3.0.org/ykcs11/tests/ykcs11_tests_util.c 2022-06-29 10:40:32.725836092 +0200 ++++ yubico-piv-tool-2.3.0/ykcs11/tests/ykcs11_tests_util.c 2022-02-23 14:54:47.000000000 +0100 +@@ -1224,7 +1223,6 @@ + asrt(funcs->C_Decrypt(session, enc, enc_len, dec, &dec_len), CKR_OK, "DECRYPT"); + asrt(dec_len, data_len, "DECRYPTED DATA LEN"); + asrt(memcmp(data, dec, dec_len), 0, "DECRYPTED DATA"); +- free(dec); + + // Decrypt Update + asrt(funcs->C_DecryptInit(session, &mech, obj_pvtkey[i]), CKR_OK, "DECRYPT INIT"); +@@ -1234,6 +1234,8 @@ + asrt(funcs->C_DecryptUpdate(session, enc+100, 8, dec, &dec_len), CKR_OK, "DECRYPT UPDATE"); + dec_len = sizeof(dec); + asrt(funcs->C_DecryptUpdate(session, enc+108, 20, dec, &dec_len), CKR_OK, "DECRYPT UPDATE"); ++ free(dec); ++ + dec_len = 0; + asrt(funcs->C_DecryptFinal(session, NULL, &dec_len), CKR_OK, "DECRYPT FINAL"); + dec = malloc(dec_len); |