The branch master has been updated
via d73ca3efa74bbb620a1e74deb5eec6f3d10203d5 (commit)
from e4693b4e2a0c3f6241d4d3e61460c34c7e0013f6 (commit)
- Log -----------------------------------------------------------------
commit d73ca3efa74bbb620a1e74deb5eec6f3d10203d5
Author: Matt Caswell <[email protected]>
Date: Tue Nov 10 23:12:36 2015 +0000
Remove an NULL ptr deref in an error path
The |passwd| variable in the code can be NULL if it goes to the err label.
Therefore we cannot call strlen on it without first checking that it is non
NULL.
Reviewed-by: Kurt Roeckx <[email protected]>
-----------------------------------------------------------------------
Summary of changes:
ssl/tls_srp.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/ssl/tls_srp.c b/ssl/tls_srp.c
index 91b88cd..64a3f23 100644
--- a/ssl/tls_srp.c
+++ b/ssl/tls_srp.c
@@ -393,7 +393,8 @@ int srp_generate_client_master_secret(SSL *s)
err:
BN_clear_free(K);
BN_clear_free(x);
- OPENSSL_clear_free(passwd, strlen(passwd));
+ if (passwd != NULL)
+ OPENSSL_clear_free(passwd, strlen(passwd));
BN_clear_free(u);
return ret;
}
_____
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
