[openssl.org #254] pem_lib.c

[Bodo Moeller via RT]

Thanks, the bug has been fixed now in 0.9.6-stable, 0.9.7-stable and
__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

[openssl.org #254] pem_lib.c

[Anonymous via RT]

The following is a patch for crypto/pem/pem_lib.c
on openssl-0.9.6g

408,409c408,412
 memset(data,0,(unsigned int)dsize);
 OPENSSL_free(data);
---
 if (data)
 {
 memset(data,0,(unsigned int)dsize);
 OPENSSL_free(data);
 }

This is because it is possible to end up at this code from
a couple of goto errs prior to allocating data.
__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]
__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]