Hi,
This is the follow-up patch suggestion for [openssl.org #3387] Bug
Report with fixes: null pointer and uninitialised memory errors, as
requested.
After running parfait on 1.0.1h, I have removed the first part
(uninitialized memory error).
This is the patch for the other two files:
2 --- openssl-1.0.1g/crypto/ocsp/ocsp_ht.c.~1~ Tue Jun 3 14:15:18 2014
3 +++ openssl-1.0.1g/crypto/ocsp/ocsp_ht.c Tue Jun 3 14:15:46 2014
4 @@ -490,6 +490,9 @@
5
6 ctx = OCSP_sendreq_new(b, path, req, -1);
7
8 + if (!ctx)
9 + return NULL;
10 +
11 do
12 {
13 rv = OCSP_sendreq_nbio(&resp, ctx);
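Review bot: the early return added after `ctx = OCSP_sendreq_new(b, path, req, -1);` hands NULL back without recording a reason. If OCSP_sendreq_new does not already queue an error when it fails, add one before `return NULL;` so the caller can tell an allocation failure from a failed OCSP exchange. Separately, the file headers name openssl-1.0.1g while the cover text says parfait was run on 1.0.1h; please regenerate the diff against the tree that was analysed so the offset at line 490 is certain to apply.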
14 --- openssl-1.0.1g/ssl/d1_both.c.~1~ Tue Jun 3 14:16:25 2014
15 +++ openssl-1.0.1g/ssl/d1_both.c Tue Jun 3 14:17:26 2014
16 @@ -1172,6 +1172,8 @@
17
18 frag = dtls1_hm_fragment_new(s->init_num, 0);
19
20 + if (!frag)
21 + return 0;
22 memcpy(frag->fragment, s->init_buf->data, s->init_num);
23
24 if ( is_ccs)
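Review bot: the `return 0;` in the new `if (!frag)` check before the memcpy needs to be confirmed against this function's return convention, which the hunk does not show. 0 has to be the value callers treat as failure, and the callers have to check it, otherwise the NULL dereference is only traded for a silently ignored failure. Style: the first hunk leaves a blank line after its check; add one here between `return 0;` and the `memcpy(frag->fragment, ...)` line for consistency.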
Thanks,
Jenny Yung
Oracle Solaris Security