Hello All, In reviewing code in directory 'crypto/evp', in file 'openbsd_hw.c', there is a call to OPENSSL_realloc() which is NOT checked for a return value of NULL, indicating failure. However, the statement after this is memcpy(), which if the destination variable is NULL, will result in a segmentation fault/violation.
The patch file below should address/correct this issue:
--- openbsd_hw.c.orig 2016-03-02 15:36:57.236927351 -0800
+++ openbsd_hw.c 2016-03-03 18:56:58.169567807 -0800
@@ -364,6 +378,10 @@
return do_digest(md_data->sess.ses, md_data->md, data, len);
md_data->data = OPENSSL_realloc(md_data->data, md_data->len + len);
+ if (md_data->data == NULL) {
+ err("DEV_CRYPTO_MD5_UPDATE: unable to allocate memory");
+ return 0;
+ }
memcpy(md_data->data + md_data->len, data, len);
md_data->len += len;
=======================================================================
Bill Parker (wp02855 at gmail dot com)
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4377
Please log in as guest with password guest if prompted
realloc_openbsd_hw.c.patch
Description: Binary data
-- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
