Hello All,

In reviewing source code for OpenSSL-1.0.2g, it would appear that in file
'apps/speed.c', in function 'static int do_multi()', a call to malloc()
is made without being tested for a return value of NULL, indicating failure.

The patch file below should address/correct this issue:

--- speed.c.orig        2016-03-01 18:19:44.213529059 -0800
+++ speed.c     2016-03-01 18:21:24.822315918 -0800
@@ -2614,6 +2614,10 @@
     static char sep[] = ":";

     fds = malloc(multi * sizeof *fds);
+    if (fds == NULL) {
+       fprintf(stderr, "out of memory\n");
+       exit(1);
+    }
     for (n = 0; n < multi; ++n) {
         if (pipe(fd) == -1) {
             fprintf(stderr, "pipe failure\n");
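
Review bot: the new `if (fds == NULL)` check right after `fds = malloc(multi * sizeof *fds);` will also fire when `multi` is 0 on platforms where malloc(0) returns NULL, and would then report "out of memory" for what is really a bad count. If `multi` is guaranteed positive by the caller, say so in a comment; otherwise validate `multi` before the allocation. As a style point, the added `fprintf` and `exit(1)` lines are indented by 7 columns while the surrounding code steps by 4 spaces (8 at this depth), which suggests a tab crept in; reindent them with spaces to match the `pipe failure` branch below.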

Should the call to malloc() be changed to OPENSSL_malloc() as well?

Bill Parker (wp02855 at gmail dot com)

-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4371
Please log in as guest with password guest if prompted
