Hi folks, As reported by Nicholas Lemonias:
crypto_malloc() value is not checked in CRYPTO_strdup. Patch URL: http://elandsys.com/~logan/mem.c.diff Patch here: diff --git a/crypto/mem.c b/crypto/mem.c index 2ce3e89..b9badbf 100644 --- a/crypto/mem.c +++ b/crypto/mem.c @@ -364,6 +364,8 @@ void *CRYPTO_malloc(int num, const char *file, int line) char *CRYPTO_strdup(const char *str, const char *file, int line) { char *ret = CRYPTO_malloc(strlen(str) + 1, file, line); + if (ret == NULL) + return NULL; strcpy(ret, str); return ret; -- This message is strictly personal and the opinions expressed do not represent those of my employers, either past or present. _______________________________________________ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
