The branch OpenSSL_1_0_2-stable has been updated via 7fb82d06746f7503323a7846448e095bf8f5ef9e (commit) from 06a549c435d6095b33d78f136904c5fc2f7bcf24 (commit)
- Log ----------------------------------------------------------------- commit 7fb82d06746f7503323a7846448e095bf8f5ef9e Author: Matt Caswell <m...@openssl.org> Date: Fri Aug 26 15:14:24 2016 +0100 SRP_create_verifier does not check for NULL before OPENSSL_cleanse OPENSSL_cleanse() does not validate its input parameter for NULL so SRP_create_verifier() should do so instead. Otherwise a segfault will result. Alternative solution to GitHub PR#1006 Reviewed-by: Rich Salz <rs...@openssl.org> ----------------------------------------------------------------------- Summary of changes: crypto/srp/srp_vfy.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/crypto/srp/srp_vfy.c b/crypto/srp/srp_vfy.c index 986babf..af557a1 100644 --- a/crypto/srp/srp_vfy.c +++ b/crypto/srp/srp_vfy.c @@ -635,7 +635,8 @@ char *SRP_create_verifier(const char *user, const char *pass, char **salt, BN_free(N_bn); BN_free(g_bn); } - OPENSSL_cleanse(vf, vfsize); + if (vf != NULL) + OPENSSL_cleanse(vf, vfsize); OPENSSL_free(vf); BN_clear_free(s); BN_clear_free(v); _____ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
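Review bot: The new "if (vf != NULL)" guard before OPENSSL_cleanse(vf, vfsize) has no comment, and the unguarded OPENSSL_free(vf) directly after it makes the check look redundant to a later reader, who may remove it during cleanup. Add a one-line comment stating that OPENSSL_cleanse() does not validate its pointer for NULL (as the commit message says), or put both calls in a single "if (vf != NULL) { ... }" block so the cleanse-then-free pairing is explicit. Because the guard lives only in this caller, any other OPENSSL_cleanse() call on a buffer that may still be NULL when the cleanup code runs needs the same check.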