There's a problem in bntest.c from openssl-0.9.6c. It appears that
this revision of the file is still the latest (rev 1.55), at least
via CVSweb.

The problem is that there are calls to BN_free() to attempt to free
BIGNUMs that are not created by BN_new(). These calls presumably
came about when changing the code to use stack-based automatic
variables instead of pointers.

For example, lines 290-292 of test_add() will try to Free() memory
that was never Malloc()d:

    252  int test_add(BIO *bp)
    253  {
    254      BIGNUM a,b,c;
    255      int i;
    256
    257      BN_init(&a);
    258      BN_init(&b);
    259      BN_init(&c);
    260
    261      BN_bntest_rand(&a,512,0,0);
    262      for (i=0; i<num0; i++)
    263      {
      :
      : snip
      :
    289      }
    290      BN_free(&a);
    291      BN_free(&b);
    292      BN_free(&c);
    293      return(1);
    294  }

(Previous versions of this code declared BIGNUM *a, *b, *c, then set
a = BN_new() etc, then called BN_free(a). That was fine.)

The calls to BN_free() should just be deleted.

The occurrences of this usage I found in bntest.c are:
290: BN_free(&a);
291: BN_free(&b);
292: BN_free(&c);
341: BN_free(&a);
342: BN_free(&b);
343: BN_free(&c);
403: BN_free(&a);
404: BN_free(&b);
405: BN_free(&c);
406: BN_free(&d);
407: BN_free(&e);
475: BN_free(&a);
476: BN_free(&b);
477: BN_free(&c);
478: BN_free(&d);
479: BN_free(&e);
531: BN_free(&a);
532: BN_free(&b);
533: BN_free(&c);
534: BN_free(&d);
535: BN_free(&e);
575: BN_free(&a);
576: BN_free(&c);
577: BN_free(&d);
578: BN_free(&e);
647: BN_free(&a);
648: BN_free(&b);
649: BN_free(&c);
650: BN_free(&d);
651: BN_free(&A);
652: BN_free(&B);
653: BN_free(&n);

I haven't looked at any of the other source files for similar
issues; I was just trying to get bntest.c up-and-running in my
own project.

Many thanks
Tom Cosgrove
London, UK
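
The following C example is added here for illustration; it is not part of the original message and is not OpenSSL code. It models the two allocation patterns the report contrasts (a stack object set up by an init call versus a heap object returned by a constructor) and shows one way a single release function can serve both, by recording whether the struct itself was heap-allocated. The names num_t, num_init, num_new, num_set_word, num_free and NUM_HEAP are hypothetical.

```c
#include <stdlib.h>
#include <string.h>
#define NUM_HEAP 0x01   /* set only when the struct itself came from malloc() */
typedef struct {        /* hypothetical stand-in, not OpenSSL's BIGNUM */
    unsigned long *d;   /* digit buffer, heap-allocated on first use */
    int top, flags;
} num_t;

static int struct_frees, buffer_frees;   /* demo counters */
void num_init(num_t *n) { memset(n, 0, sizeof(*n)); }   /* caller owns *n */

num_t *num_new(void)
{
    num_t *n = malloc(sizeof(*n));
    if (n == NULL) return NULL;
    num_init(n);
    n->flags = NUM_HEAP;         /* remember that free(n) is legal */
    return n;
}

int num_set_word(num_t *n, unsigned long w)
{
    if (n->d == NULL && (n->d = malloc(sizeof(*n->d))) == NULL) return 0;
    n->d[0] = w;
    n->top = (w != 0);
    return 1;
}

void num_free(num_t *n)
{
    if (n == NULL) return;
    if (n->d != NULL) { free(n->d); n->d = NULL; buffer_frees++; }
    if (n->flags & NUM_HEAP) { free(n); struct_frees++; }  /* skipped for stack objects */
}

/* Runs both patterns; returns struct_frees * 10 + buffer_frees, or -1. */
int demo(void)
{
    num_t a, *b = num_new();     /* automatic variable vs. pointer style */
    int ok;
    if (b == NULL) return -1;
    struct_frees = buffer_frees = 0;
    num_init(&a);
    ok = num_set_word(&a, 42) && num_set_word(b, 7);
    num_free(&a);                /* frees a.d only */
    num_free(b);                 /* frees b->d, then b */
    return ok ? struct_frees * 10 + buffer_frees : -1;
}
int main(void) { return demo() == 12 ? 0 : 1; }
```

Building this with a memory checker such as AddressSanitizer or Valgrind confirms that no stack address reaches free() and that neither digit buffer leaks.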