Fix crash in qsslsocket_openssl

We were using the wrong free function in a path which was hit in an edge case (PKCS#12 certificate without a private key attached). Change-Id: I5335b5dea7a926b242bed0fd9b989b681a5828d8 Reviewed-by: Timur Pocheptsov <[email protected]>
w45350956 · May 4, 2018 · 28071ad · 28071ad
1 parent 93e0ff0
commit 28071ad
Showing 1 changed file with 1 addition and 3 deletions.
diff --git a/src/network/ssl/qsslsocket_openssl.cpp b/src/network/ssl/qsslsocket_openssl.cpp
@@ -1517,7 +1517,7 @@ bool QSslSocketBackendPrivate::importPkcs12(QIODevice *device,
     if (!key->d->fromEVP_PKEY(pkey)) {
         qCWarning(lcSsl, "Unable to convert private key");
         q_OPENSSL_sk_pop_free(reinterpret_cast<OPENSSL_STACK *>(ca),
-                              reinterpret_cast<void (*)(void *)>(q_OPENSSL_sk_free));
+                              reinterpret_cast<void (*)(void *)>(q_X509_free));
         q_X509_free(x509);
         q_EVP_PKEY_free(pkey);
         q_PKCS12_free(p12);
@@ -1532,8 +1532,6 @@ bool QSslSocketBackendPrivate::importPkcs12(QIODevice *device,
         *caCertificates = QSslSocketBackendPrivate::STACKOFX509_to_QSslCertificates(ca);
 
     // Clean up
-    // TODO: verify ASAP, in the past we had sk_pop_free with q_OPENSSL_sk_free
-    // which seems to be blatantly wrong and even crashes with 1.1.
     q_OPENSSL_sk_pop_free(reinterpret_cast<OPENSSL_STACK *>(ca),
                           reinterpret_cast<void (*)(void *)>(q_X509_free));