[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

bernd . edlinger Sun, 02 Jul 2017 00:06:45 -0700

The branch OpenSSL_1_0_2-stable has been updated
       via  0cfb422656b0807b23f63fccea0a12ab2bddbbb1 (commit)
      from  282c1321962e7ed1714c7d59495c60affce806db (commit)



- Log -----------------------------------------------------------------
commit 0cfb422656b0807b23f63fccea0a12ab2bddbbb1
Author: Bernd Edlinger <bernd.edlin...@hotmail.de>
Date:   Sat Jul 1 22:18:10 2017 +0200

    Fix a memory leak in ecdh/ecdsa_check.
    
    Reviewed-by: Rich Salz <rs...@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/3825)

-----------------------------------------------------------------------

Summary of changes:
 crypto/ecdh/ech_lib.c  | 9 ++++++++-
 crypto/ecdsa/ecs_lib.c | 9 ++++++++-
 2 files changed, 16 insertions(+), 2 deletions(-)

diff --git a/crypto/ecdh/ech_lib.c b/crypto/ecdh/ech_lib.c
index cbc21d1..9cc2258 100644
--- a/crypto/ecdh/ech_lib.c
+++ b/crypto/ecdh/ech_lib.c
@@ -225,9 +225,16 @@ ECDH_DATA *ecdh_check(EC_KEY *key)
              */
             ecdh_data_free(ecdh_data);
             ecdh_data = (ECDH_DATA *)data;
+        } else if (EC_KEY_get_key_method_data(key, ecdh_data_dup,
+                                              ecdh_data_free,
+                                              ecdh_data_free) != ecdh_data) {
+            /* Or an out of memory error in EC_KEY_insert_key_method_data. */
+            ecdh_data_free(ecdh_data);
+            return NULL;
         }
-    } else
+    } else {
         ecdh_data = (ECDH_DATA *)data;
+    }
 #ifdef OPENSSL_FIPS
     if (FIPS_mode() && !(ecdh_data->flags & ECDH_FLAG_FIPS_METHOD)
         && !(EC_KEY_get_flags(key) & EC_FLAG_NON_FIPS_ALLOW)) {
diff --git a/crypto/ecdsa/ecs_lib.c b/crypto/ecdsa/ecs_lib.c
index 8dc1dda..f1dd472 100644
--- a/crypto/ecdsa/ecs_lib.c
+++ b/crypto/ecdsa/ecs_lib.c
@@ -203,9 +203,16 @@ ECDSA_DATA *ecdsa_check(EC_KEY *key)
              */
             ecdsa_data_free(ecdsa_data);
             ecdsa_data = (ECDSA_DATA *)data;
+        } else if (EC_KEY_get_key_method_data(key, ecdsa_data_dup,
+                                              ecdsa_data_free,
+                                              ecdsa_data_free) != ecdsa_data) {
+            /* Or an out of memory error in EC_KEY_insert_key_method_data. */
+            ecdsa_data_free(ecdsa_data);
+            return NULL;
         }
-    } else
+    } else {
         ecdsa_data = (ECDSA_DATA *)data;
+    }
 #ifdef OPENSSL_FIPS
     if (FIPS_mode() && !(ecdsa_data->flags & ECDSA_FLAG_FIPS_METHOD)
         && !(EC_KEY_get_flags(key) & EC_FLAG_NON_FIPS_ALLOW)) {
_____
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

Reply via email to