Hello,
Our UC-KLEE tool found a free of a garbage pointer in the latest OpenSSL (and
LibreSSL) that would cause either a segfault or heap corruption depending on
the pre-existing heap contents.
The bug occurs in ec_wNAF_mul (crypto/ec/ec_mult.c). If the allocation of wNAF
on line 448 succeeds but any of the three surrounding allocations fail, the
"goto err" on line 454 is taken without initializing the wNAF array. This
causes the OPENSSL_free on line 729 to free at least one garbage pointer.
LibreSSL appears to contain the same bug, although some of this code has been
rewritten slightly.
446:     wsize    = OPENSSL_malloc(totalnum * sizeof wsize[0]);
447:     wNAF_len = OPENSSL_malloc(totalnum * sizeof wNAF_len[0]);
448:     wNAF     = OPENSSL_malloc((totalnum + 1) * sizeof wNAF[0]); /* includes space for pivot */
449:     val_sub  = OPENSSL_malloc(totalnum * sizeof val_sub[0]);
450:
451:     if (!wsize || !wNAF_len || !wNAF || !val_sub)
452:         {
453:         ECerr(EC_F_EC_WNAF_MUL, ERR_R_MALLOC_FAILURE);
454:         goto err;                                   <~~~~~~~~~~~~~ JUMP TAKEN
455:         }
...
715:  err:
716:     if (new_ctx != NULL)
717:         BN_CTX_free(new_ctx);
718:     if (tmp != NULL)
719:         EC_POINT_free(tmp);
720:     if (wsize != NULL)
721:         OPENSSL_free(wsize);
722:     if (wNAF_len != NULL)
723:         OPENSSL_free(wNAF_len);
724:     if (wNAF != NULL)
725:         {
726:         signed char **w;
727:
728:         for (w = wNAF; *w != NULL; w++)
729:             OPENSSL_free(*w);                       <~~~~~~~~~~~~~ GARBAGE FREE
Please let me know if you have any questions about this bug.
Thanks,
-David
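As an added example (not the report's or OpenSSL's own code), the following stand-alone model replays the allocation-and-cleanup sequence described above with a fault-injecting allocator, and shows the hardening a defender would want: the pointer array is zeroed (pivot included) before any path can reach the sentinel loop at err, so a failed neighbouring allocation never leads to freeing stale heap contents. inject_malloc, wnaf_scratch and fail_step are hypothetical names chosen for this example.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical allocator: fail_step selects which allocation (1..4) returns
 * NULL, 0 injects no failure. Successful blocks are filled with 0xAA to
 * emulate the "pre-existing heap contents" the report mentions. */
static void *inject_malloc(size_t n, int step, int fail_step) {
    if (step == fail_step) return NULL;
    void *p = malloc(n);
    if (p) memset(p, 0xAA, n);
    return p;
}

/* Models ec_wNAF_mul's scratch setup and its err: cleanup path.
 * Returns 0 on success, -1 on failure; *freed counts wNAF entries freed. */
int wnaf_scratch(size_t totalnum, int fail_step, size_t *freed) {
    size_t *wsize = NULL, *wNAF_len = NULL;
    signed char **wNAF = NULL;
    void **val_sub = NULL;
    int ret = -1;
    *freed = 0;

    wsize    = inject_malloc(totalnum * sizeof wsize[0], 1, fail_step);
    wNAF_len = inject_malloc(totalnum * sizeof wNAF_len[0], 2, fail_step);
    wNAF     = inject_malloc((totalnum + 1) * sizeof wNAF[0], 3, fail_step);
    /* Hardening: every slot, including the pivot, is NULL before the
     * combined check below can jump to err. */
    if (wNAF) memset(wNAF, 0, (totalnum + 1) * sizeof wNAF[0]);
    val_sub  = inject_malloc(totalnum * sizeof val_sub[0], 4, fail_step);

    if (!wsize || !wNAF_len || !wNAF || !val_sub)
        goto err;

    /* Stand-in for computing one wNAF buffer per scalar; pivot stays NULL. */
    for (size_t i = 0; i < totalnum; i++) {
        wNAF[i] = malloc(8);
        if (!wNAF[i]) goto err;   /* later slots are already NULL */
    }
    ret = 0;
err:
    free(wsize);
    free(wNAF_len);
    if (wNAF != NULL) {
        signed char **w;
        for (w = wNAF; *w != NULL; w++) { free(*w); (*freed)++; }
        free(wNAF);
    }
    free(val_sub);
    return ret;
}
```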
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [email protected]
Automated List Manager [email protected]