Not tested, as the offending code flow is quite obvious "in hindsight", and
making the pointer NULL after free() is a sufficient safeguard against
double free(). A slightly more readable construction could have used
to different "info" variables for the two different scopes, each with
its own individual free(), exactly one per variable... but that's a
larger change.
Your patch has been applied to the master branch.
Application to 2.6 and earlier is not needed, the offending code is new
(e9ad1b3 or 3512e8d).
commit f7aedca70e24e9a35f0cbd33d1aa708b4daf0055
Author: Lev Stipakov
Date: Thu Apr 17 15:46:30 2025 +0200
ssl_openssl.c: Prevent potential double-free
Signed-off-by: Lev Stipakov <[email protected]>
Acked-by: Antonio Quartulli <[email protected]>
Message-Id: <[email protected]>
URL:
https://www.mail-archive.com/[email protected]/msg31478.html
Signed-off-by: Gert Doering <[email protected]>
--
kind regards,
Gert Doering
_______________________________________________
Openvpn-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
