projects
/
oweals
/
openssl.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
| inline |
side by side
(parent:
e4693b4
)
Remove an NULL ptr deref in an error path
author
Matt Caswell
<matt@openssl.org>
Tue, 10 Nov 2015 23:12:36 +0000
(23:12 +0000)
committer
Matt Caswell
<matt@openssl.org>
Tue, 17 Nov 2015 11:17:37 +0000
(11:17 +0000)
The |passwd| variable in the code can be NULL if it goes to the err label.
Therefore we cannot call strlen on it without first checking that it is non
NULL.
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
ssl/tls_srp.c
patch
|
blob
|
history
diff --git
a/ssl/tls_srp.c
b/ssl/tls_srp.c
index 91b88cd11f6ee3d413de743df8d423dd54a5e82c..64a3f23df74b029940e026106111b4ffb8299bfc 100644
(file)
--- a/
ssl/tls_srp.c
+++ b/
ssl/tls_srp.c
@@
-393,7
+393,8
@@
int srp_generate_client_master_secret(SSL *s)
err:
BN_clear_free(K);
BN_clear_free(x);
- OPENSSL_clear_free(passwd, strlen(passwd));
+ if (passwd != NULL)
+ OPENSSL_clear_free(passwd, strlen(passwd));
BN_clear_free(u);
return ret;
}