From 38201e116169eacaa08e162c6936ffd38d2bd99f Mon Sep 17 00:00:00 2001 From: Feng Jie Date: Thu, 2 Aug 2018 11:07:34 +0800 Subject: [PATCH] Fix unnecessary free in o2i_SM2CiphertextValue The caller will crash when using the return value from o2i_SM2CiphertextValue. Because the returned pointer to SM2CiphertextValue has been free, regardless of success or failure in this method. When assign cv to ret, cv should be set NULL just like the behaviour in SM2_do_encrypt. --- crypto/sm2/sm2_oct.c | 1 + 1 file changed, 1 insertion(+) diff --git a/crypto/sm2/sm2_oct.c b/crypto/sm2/sm2_oct.c index f9ca4cfb..0a006cce 100755 --- a/crypto/sm2/sm2_oct.c +++ b/crypto/sm2/sm2_oct.c @@ -272,6 +272,7 @@ SM2CiphertextValue *o2i_SM2CiphertextValue(const EC_GROUP *group, /* set result */ *pin = p; ret = cv; + cv = NULL; end: if ((cv != *pout) && (!ret))