Hello Devs, I work on a commercial product that uses OpenSSL internally (0.9.8j). Recently, we received a crash dump from a customer in the field (our first I think), and we believe we tracked it down to a leak on our part.
Nevertheless, it would be nice if memory exhaustion didn't lead to dereferencing a null pointer. :-) It appears that PKCS12_add_safes is coded to return NULL in such a situation. Then PKCS12_set_mac passes p12 to PKCS12_setup_mac which promptly dereferences it. Would you please consider accepting this patch?

Thanks,
- Marsh

--- crypto\pkcs12\p12_crt.c Wed Mar 4 13:37:26 2009 +++ crypto\pkcs12\p12_crt.c Wed Mar 4 12:44:40 2009 @@ -168,7 +168,8 @@ PKCS12 *PKCS12_create(char *pass, char * sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free); bags = NULL; - p12 = PKCS12_add_safes(safes, 0); + if (!(p12 = PKCS12_add_safes(safes, 0))) + goto err; sk_PKCS7_pop_free(safes, PKCS7_free);
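
Review bot: At the new "goto err" following PKCS12_add_safes(safes, 0), safes is still allocated, because sk_PKCS7_pop_free(safes, PKCS7_free) only runs on the line after the check and is skipped by the jump. The err: label is outside this hunk, so please confirm that it frees safes and tolerates bags already being NULL (set two lines above); if it does not, the failure path replaces the NULL dereference with a leak under the same memory-exhaustion condition that triggers it. A minor style point on the same line: the assignment inside the condition would read more clearly as the original assignment followed by a separate "if (p12 == NULL) goto err;".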