Skip to content

Commit 2ea11b1

Browse files
committed
openssl/verify_sha: Fix double free on EC sigs
Signed-off-by: Ben Collins <bcollins@libjwt.io>
1 parent d0d464e commit 2ea11b1

File tree

1 file changed

+3
-3
lines changed

1 file changed

+3
-3
lines changed

libjwt/openssl/sign-verify.c

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -283,7 +283,7 @@ static int openssl_verify_sha_pem(jwt_t *jwt, const char *head,
283283

284284
if (!ops_compat(jwt->key, JWT_CRYPTO_OPS_OPENSSL))
285285
VERIFY_ERROR("Key is not compatible"); // LCOV_EXCL_LINE
286-
286+
287287
pkey = jwt->key->provider_data;
288288

289289
switch (jwt->alg) {
@@ -373,8 +373,8 @@ static int openssl_verify_sha_pem(jwt_t *jwt, const char *head,
373373

374374
slen = i2d_ECDSA_SIG(ec_sig, NULL);
375375

376-
/* Reset this with the new information. */
377-
sig = jwt_realloc(sig, slen);
376+
/* Reset this with the new information */
377+
sig = jwt_malloc(slen);
378378
if (sig == NULL)
379379
VERIFY_ERROR("Out of memory"); // LCOV_EXCL_LINE
380380

0 commit comments

Comments
 (0)