Hello,

While investigating a crash, I observed that x_name.c uses the return value of 
X509_NAME_ENTRY_new without checking for NULL. Under an out-of-memory condition, 
this leads to a crash. Here is a patch that fixed the crash for me (also 
attached).

--- crypto/asn1/x_name.c        2012-02-27 11:00:05.000000000 -0800
+++ crypto/asn1/x_name_fixed.c  2012-11-12 16:46:51.956567700 -0800
@@ -350,6 +350,8 @@
                        set = entry->set;
                        }
                tmpentry = X509_NAME_ENTRY_new();
+               if(!tmpentry)
+                       goto err;
                tmpentry->object = OBJ_dup(entry->object);
                if (!asn1_string_canon(tmpentry->value, entry->value))
                        goto err;
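
Review bot: the line directly after the new check, `tmpentry->object = OBJ_dup(entry->object);`, still stores the result of OBJ_dup without testing it. OBJ_dup returns NULL on allocation failure, so the same out-of-memory condition that motivates this patch can leave `tmpentry->object` NULL. Consider checking that result and jumping to `err` as well, so the whole allocation sequence in this block is covered by one fix.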


Best regards,
Ajit Dhumale  
--- crypto/asn1/x_name.c	2012-02-27 11:00:05.000000000 -0800
+++ crypto/asn1/x_name_fixed.c	2012-11-12 16:46:51.956567700 -0800
@@ -350,6 +350,8 @@
 			set = entry->set;
 			}
 		tmpentry = X509_NAME_ENTRY_new();
+		if(!tmpentry)
+			goto err;
 		tmpentry->object = OBJ_dup(entry->object);
 		if (!asn1_string_canon(tmpentry->value, entry->value))
 			goto err;
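
Review bot: `if(!tmpentry)` has no space after `if`, unlike the `if (!asn1_string_canon(tmpentry->value, entry->value))` two lines below it; please match the surrounding style. Separately, the `err` label lies outside the visible context and can now be reached with `tmpentry` set to NULL, so please confirm that its cleanup tolerates a NULL `tmpentry` before this goes in.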
