[openssl-dev] [openssl.org #4386] [PATCH] Add sanity checks for BN_new() in OpenSSL-1.0.2g

2016-08-19 Thread Rich Salz via RT
Fixed with commit a03f81f, will be part of next 1.0.2 release. Thanks!
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4386
Please log in as guest with password guest if prompted

Re: [openssl-dev] [openssl.org #4386] [PATCH] Add sanity checks for BN_new() in OpenSSL-1.0.2g

2016-03-07 Thread Bill Parker via RT
Dr. Dale,

I actually saw that, but forgot to correct it before sending (my bad)...:(

Bill

On Mon, Mar 7, 2016 at 1:44 PM, paul.d...@oracle.com via RT wrote:

> If one of the allocation calls succeeds and the other fails, the patched
> code will leak memory.
> It needs

Re: [openssl-dev] [openssl.org #4386] [PATCH] Add sanity checks for BN_new() in OpenSSL-1.0.2g

2016-03-07 Thread Paul Dale
If one of the allocation calls succeeds and the other fails, the patched code will leak memory. It needs something along the lines of:

    if (order != NULL)
        BN_clear_free(order);
    if (d != NULL)
        BN_clear_free(d);

in the failure case code.

Pauli
--
Oracle
Dr Paul Dale | Cryptographer | Network

Re: [openssl-dev] [openssl.org #4386] [PATCH] Add sanity checks for BN_new() in OpenSSL-1.0.2g

2016-03-07 Thread paul.d...@oracle.com via RT
If one of the allocation calls succeeds and the other fails, the patched code will leak memory. It needs something along the lines of:

    if (order != NULL)
        BN_clear_free(order);
    if (d != NULL)
        BN_clear_free(d);

in the failure case code.

Pauli
--
Oracle
Dr Paul Dale | Cryptographer | Network

[openssl-dev] [openssl.org #4386] [PATCH] Add sanity checks for BN_new() in OpenSSL-1.0.2g

2016-03-07 Thread Bill Parker via RT
Hello All,

In reviewing code in directory 'engines/ccgost', file 'gost2001.c', there are two calls to BN_new() which are not checked for a return value of NULL, indicating failure.

The patch file below should address/correct this issue:

--- gost2001.c.orig 2016-03-06 11:32:49.676178425