Fixed now, along with a few similar cases. Thanks for the report.
Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4403
Please log in as guest with
Hello All,
In reviewing code in directory 'crypto/modes', file 'ocb128.c', there is a
call to OPENSSL_realloc() which has the potential to clobber the old value
of
variable 'ctx->l', if the call returns NULL.
The patch file below uses a void *tmp_ptr to prevent this from occuring:
---