From 744bd7d55c7093c38c4c887dd74a9dc792be2ce1 Mon Sep 17 00:00:00 2001
From: Alexey Sokolov
Date: Sun, 12 Nov 2017 16:45:23 +0000
Subject: [PATCH] Fix use-after-free in znc --makepem

X509_get_subject_name() returns an internal pointer, which was destroyed by X509_set_subject_name(), and then accessed again in X509_set_issuer_name(). But X509_set_subject_name() isn't needed at all, because subject name was modified in place.
---
 src/Utils.cpp | 1 -
 1 file changed, 1 deletion(-)

diff --git a/src/Utils.cpp b/src/Utils.cpp
index 5ea7985b..e72f05bb 100644
--- a/src/Utils.cpp
+++ b/src/Utils.cpp
@@ -121,7 +121,6 @@ void CUtils::GenerateCert(FILE* pOut, const CString& sHost) {
 X509_NAME_add_entry_by_txt(pName, "emailAddress", MBSTRING_ASC, (unsigned char*)sEmailAddr.c_str(), -1, -1, 0);
- X509_set_subject_name(pCert.get(), pName);
 X509_set_issuer_name(pCert.get(), pName);
 if (!X509_sign(pCert.get(), pKey.get(), EVP_sha256())) return;