The branch master has been updated via d73ca3efa74bbb620a1e74deb5eec6f3d10203d5 (commit) from e4693b4e2a0c3f6241d4d3e61460c34c7e0013f6 (commit)
- Log ----------------------------------------------------------------- commit d73ca3efa74bbb620a1e74deb5eec6f3d10203d5 Author: Matt Caswell <m...@openssl.org> Date: Tue Nov 10 23:12:36 2015 +0000 Remove an NULL ptr deref in an error path The |passwd| variable in the code can be NULL if it goes to the err label. Therefore we cannot call strlen on it without first checking that it is non NULL. Reviewed-by: Kurt Roeckx <k...@openssl.org> ----------------------------------------------------------------------- Summary of changes: ssl/tls_srp.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/ssl/tls_srp.c b/ssl/tls_srp.c index 91b88cd..64a3f23 100644 --- a/ssl/tls_srp.c +++ b/ssl/tls_srp.c @@ -393,7 +393,8 @@ int srp_generate_client_master_secret(SSL *s) err: BN_clear_free(K); BN_clear_free(x); - OPENSSL_clear_free(passwd, strlen(passwd)); + if (passwd != NULL) + OPENSSL_clear_free(passwd, strlen(passwd)); BN_clear_free(u); return ret; } _____ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
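Review bot: In the err: block of srp_generate_client_master_secret, the new `if (passwd != NULL)` guard is there to protect the `strlen(passwd)` argument, which is not obvious next to the unguarded BN_clear_free calls on K, x and u around it. A one-line comment stating that passwd can still be NULL when err is reached would keep the check from being dropped later as redundant. Separately, the number of bytes to wipe is taken from `strlen(passwd)`, so only the bytes up to the first NUL are cleared; if the size of the allocation is available in this function, passing that to OPENSSL_clear_free instead would clear the whole buffer.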