[openssl-dev] [openssl.org #4000] Bug in Branch OpenSSL-fips-2_0-stable; file rsa_x931g.c

Stuart, Harold via RT Mon, 10 Aug 2015 17:10:38 -0700

The Blue Coat Systems cryptography team is reviewing our usage of OpenSSL and 
has discovered the following minor bug. We do not believe that this bug is 
exploitable.


In branch OpenSSL-fips-2_0-stable, file rsa_x931g.c observe the function 
RSA_X931_derive_ex. At line 84 we see the following:

    if (!rsa)
        goto err;

However, at line 190 we see this:

    err:
    if (ctx)
        {
        BN_CTX_end(ctx);
        BN_CTX_free(ctx);
        }
    if (ctx2)
        BN_CTX_free(ctx2);
    /* If this is set all calls successful */
    if (rsa->iqmp != NULL)
        return 1;

Note that the variable rsa is dereferenced, even though it is possible that it 
can be NULL at this point.

_______________________________________________
openssl-bugs-mod mailing list
openssl-bugs-...@openssl.org
https://mta.openssl.org/mailman/listinfo/openssl-bugs-mod

_______________________________________________
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #4000] Bug in Branch OpenSSL-fips-2_0-stable; file rsa_x931g.c

Reply via email to