[openssl.org #1967] [PATCH 05/14] Do not run off the end of the params array.
Do not run off the end of the RSA params arrays freeing values or we will crash (or worse, corrupt the heap). Overview : http://www.mail-archive.com/openssl-dev@openssl.org/msg26096.html -- David McCullough, david_mccullo...@securecomputing.com, Ph:+61 734352815 McAfee - SnapGear http://www.snapgear.comhttp://www.uCdot.org diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c index ab38cd5..4f2470b 100644 --- a/crypto/engine/eng_cryptodev.c +++ b/crypto/engine/eng_cryptodev.c @@ -681,7 +681,7 @@ zapparams(struct crypt_kop *kop) { int i; - for (i = 0; i = kop-crk_iparams + kop-crk_oparams; i++) { + for (i = 0; i kop-crk_iparams + kop-crk_oparams; i++) { if (kop-crk_param[i].crp_p) free(kop-crk_param[i].crp_p); kop-crk_param[i].crp_p = NULL; -- 1.6.0.4
[PATCH 05/14] Do not run off the end of the params array.
Do not run off the end of the RSA params arrays freeing values or we will crash (or worse, corrupt the heap). --- crypto/engine/eng_cryptodev.c |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c index ab38cd5..4f2470b 100644 --- a/crypto/engine/eng_cryptodev.c +++ b/crypto/engine/eng_cryptodev.c @@ -681,7 +681,7 @@ zapparams(struct crypt_kop *kop) { int i; - for (i = 0; i = kop-crk_iparams + kop-crk_oparams; i++) { + for (i = 0; i kop-crk_iparams + kop-crk_oparams; i++) { if (kop-crk_param[i].crp_p) free(kop-crk_param[i].crp_p); kop-crk_param[i].crp_p = NULL; -- David McCullough, david_mccullo...@securecomputing.com, Ph:+61 734352815 McAfee - SnapGear http://www.snapgear.comhttp://www.uCdot.org __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org