diff options
author | James Bottomley <James.Bottomley@HansenPartnership.com> | 2023-01-12 15:09:25 -0500 |
---|---|---|
committer | James Bottomley <James.Bottomley@HansenPartnership.com> | 2023-01-12 15:52:42 -0500 |
commit | 46b76c90dae7d57f279cc298c49fc5e06cdf5e32 (patch) | |
tree | ec3ea054009a14dbf2c43399d60d5d7ff646e5c6 | |
parent | 150a28b356a8079cf831f12e5fee9dae698fe9ef (diff) | |
download | openssl_tpm2_engine-46b76c90dae7d57f279cc298c49fc5e06cdf5e32.tar.gz |
signed_tpm2_policy: fix double free
The routine tpm2_new_signed_policy() frees the key, which contains the
policy, on success or failure meaning the TSSAUTHPOLICY has been freed
after exit from this function and we trigger an error if we try to
free it again. There's also a double free of the EVP_PKEY in
tpm2_new_signed_policy().
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
-rw-r--r-- | signed_tpm2_policy.c | 3 | ||||
-rw-r--r-- | tpm2-common.c | 1 |
2 files changed, 3 insertions, 1 deletions
diff --git a/signed_tpm2_policy.c b/signed_tpm2_policy.c index 10c8157..1ddf9b4 100644 --- a/signed_tpm2_policy.c +++ b/signed_tpm2_policy.c @@ -230,6 +230,9 @@ int main(int argc, char **argv) if (rc == 0) exit(0); + /* tpm2_new_signed_policy frees the key which includes the policy */ + goto out_err; + out_free_policy: if (ap->name) ASN1_UTF8STRING_free(ap->name); diff --git a/tpm2-common.c b/tpm2-common.c index e345c6a..cc57595 100644 --- a/tpm2-common.c +++ b/tpm2-common.c @@ -2332,7 +2332,6 @@ TPM_RC tpm2_new_signed_policy(char *tpmkey, char *policykey, char *engine, BIO_free(bf); TSSPRIVKEY_free(tpk); - EVP_PKEY_free(pkey); return 0; err_free_tpmkey: |