Hello All, In reviewing source code for OpenSSL-1.0.2g, it would appear in file 'apps/speed.c', in function 'static int do_multi()', a call to malloc() is made without being tested for a return value of NULL, indicating failure.
The patch file below should address/correct this issue: --- speed.c.orig 2016-03-01 18:19:44.213529059 -0800 +++ speed.c 2016-03-01 18:21:24.822315918 -0800 @@ -2614,6 +2614,10 @@ static char sep[] = ":"; fds = malloc(multi * sizeof *fds); + if (fds == NULL) { + fprintf(stderr, "out of memory\n"); + exit(1); + } for (n = 0; n < multi; ++n) { if (pipe(fd) == -1) { fprintf(stderr, "pipe failure\n"); Should the call to malloc() be changed to OPENSSL_malloc() as well? Bill Parker (wp02855 at gmail dot com) -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4371 Please log in as guest with password guest if prompted
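Review bot: The added `if (fds == NULL)` check after `fds = malloc(multi * sizeof *fds);` treats every NULL return as "out of memory", but malloc may return NULL for a zero-size request, and the product `multi * sizeof *fds` is not range-checked before the call. If `multi` can be zero or very large at this point, validate it before allocating so the error message matches the actual cause and the size cannot wrap. The check itself is consistent with the `pipe failure` handling in the context lines (message to stderr, then `exit(1)`). On the OPENSSL_malloc() question: that change is only safe if the release of `fds`, which is outside this hunk, is switched to OPENSSL_free() in the same patch, so the allocator and deallocator stay paired.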