[openssl.org #1967] [PATCH 05/14] Do not run off the end of the params array.

[David McCullough via RT]

Do not run off the end of the RSA params arrays freeing values
or we will crash (or worse, corrupt the heap).

Overview : http://www.mail-archive.com/openssl-dev@openssl.org/msg26096.html

-- 
David McCullough,  david_mccullo...@securecomputing.com,  Ph:+61 734352815
McAfee - SnapGear  http://www.snapgear.comhttp://www.uCdot.org

diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
index ab38cd5..4f2470b 100644
--- a/crypto/engine/eng_cryptodev.c
+++ b/crypto/engine/eng_cryptodev.c
@@ -681,7 +681,7 @@ zapparams(struct crypt_kop *kop)
 {
 	int i;
 
-	for (i = 0; i = kop-crk_iparams + kop-crk_oparams; i++) {
+	for (i = 0; i  kop-crk_iparams + kop-crk_oparams; i++) {
 		if (kop-crk_param[i].crp_p)
 			free(kop-crk_param[i].crp_p);
 		kop-crk_param[i].crp_p = NULL;
-- 
1.6.0.4

[PATCH 05/14] Do not run off the end of the params array.

[David McCullough]

Do not run off the end of the RSA params arrays freeing values
or we will crash (or worse, corrupt the heap).

---
 crypto/engine/eng_cryptodev.c |2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
index ab38cd5..4f2470b 100644
--- a/crypto/engine/eng_cryptodev.c
+++ b/crypto/engine/eng_cryptodev.c
@@ -681,7 +681,7 @@ zapparams(struct crypt_kop *kop)
 {
int i;
 
-   for (i = 0; i = kop-crk_iparams + kop-crk_oparams; i++) {
+   for (i = 0; i  kop-crk_iparams + kop-crk_oparams; i++) {
if (kop-crk_param[i].crp_p)
free(kop-crk_param[i].crp_p);
kop-crk_param[i].crp_p = NULL;

-- 
David McCullough,  david_mccullo...@securecomputing.com,  Ph:+61 734352815
McAfee - SnapGear  http://www.snapgear.comhttp://www.uCdot.org
__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   majord...@openssl.org