Fix use-after-free in znc --makepem

X509_get_subject_name() returns an internal pointer, which was destroyed by X509_set_subject_name(), and then accessed again in X509_set_issuer_name(). But X509_set_subject_name() isn't needed at all, because subject name was modified in place.
2026-05-18 07:15:54 +02:00 · 2017-11-12 16:45:23 +00:00
parent 44418f5aaf
commit 744bd7d55c
1 changed files with 0 additions and 1 deletions
@@ -121,7 +121,6 @@ void CUtils::GenerateCert(FILE* pOut, const CString& sHost) {
    X509_NAME_add_entry_by_txt(pName, "emailAddress", MBSTRING_ASC,
                               (unsigned char*)sEmailAddr.c_str(), -1, -1, 0);

-    X509_set_subject_name(pCert.get(), pName);
    X509_set_issuer_name(pCert.get(), pName);

    if (!X509_sign(pCert.get(), pKey.get(), EVP_sha256())) return;