Best is to (re)send this message to r...@openssl.org, so it gets
assigned a ticket #.
Doesn't guarantee you get served, but anyway that's the 'preferred'
way of sending in patches with bug reports like this to have them
included in OpenSSL.

On Wed, Mar 4, 2009 at 9:47 PM, Marsh Ray <marsh...@gmail.com> wrote:
> Hello Devs,
>
> I work on a commercial product that uses OpenSSL internally (0.9.8j).
> Recently, we received a crash dump from a customer in the field (our
> first I think), and we believe we tracked it down to a leak on our
> part.
>
> Nevertheless, it would be nice if memory exhaustion didn't lead to
> dereferencing a null pointer. :-) It appears that PKCS12_add_safes is
> coded to return NULL in such a situation. Then PKCS12_set_mac passes
> p12 to PKCS12_setup_mac which promptly dereferences it.
>
> Would you please consider accepting this patch?
>
> Thanks,
>
> - Marsh
>
> --- crypto\pkcs12\p12_crt.c   Wed Mar  4 13:37:26 2009
> +++ crypto\pkcs12\p12_crt.c    Wed Mar  4 12:44:40 2009
> @@ -168,7 +168,8 @@ PKCS12 *PKCS12_create(char *pass, char *
>         sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
>         bags = NULL;
>
> -       p12 = PKCS12_add_safes(safes, 0);
> +       if (!(p12 = PKCS12_add_safes(safes, 0)))
> +               goto err;
>
>         sk_PKCS7_pop_free(safes, PKCS7_free);
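
Review bot: The new `goto err` after `PKCS12_add_safes(safes, 0)` jumps past the `sk_PKCS7_pop_free(safes, PKCS7_free);` call in the trailing context, so on this failure path `safes` is still allocated and `p12` is NULL. The `err:` label is not visible in this hunk; please confirm that it frees `safes` and that whatever it does with `p12` is safe for a NULL pointer, otherwise the out-of-memory case this patch targets trades a NULL dereference for a leak. As a style point, splitting the assignment out of the condition (`p12 = PKCS12_add_safes(safes, 0);` followed by `if (!p12) goto err;`) reads more clearly.
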
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> Development Mailing List                       openssl-dev@openssl.org
> Automated List Manager                           majord...@openssl.org
>
>



-- 
Met vriendelijke groeten / Best regards,

Ger Hobbelt

--------------------------------------------------
web:    http://www.hobbelt.com/
        http://www.hebbut.net/
mail:   g...@hobbelt.com
mobile: +31-6-11 120 978
--------------------------------------------------