From: Dr. Matthias St. Pierre Date: Sat, 20 Oct 2018 14:53:09 +0000 (+0200) Subject: RAND_add(): fix heap corruption in error path X-Git-Tag: OpenSSL_1_1_1a~90 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=ece482ff3ad958872ab011dc3e9af49ecb238ec8;p=oweals%2Fopenssl.git RAND_add(): fix heap corruption in error path This bug was introduced by #7382 which enhanced RAND_add() to accept large buffer sizes. As a consequence, RAND_add() now fails for buffer sizes less than 32 bytes (i.e. less than 256 bits). In addition, rand_drbg_get_entropy() forgets to reset the attached drbg->pool in the case of an error, which leads to the heap corruption. The problem occurred with RAND_load_file(), which reads the file in chunks of 1024 bytes each. If the size of the final chunk is less than 32 bytes, then RAND_add() fails, whence RAND_load_file() fails silently for buffer sizes n = k * 1024 + r with r = 1,...,31. This commit fixes the heap corruption only. The other issues will be addressed in a separate pull request. Thanks to Gisle Vanem for reporting this issue. Fixes #7449 Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/7455) (cherry picked from commit 5b4cb385c18a5bb4e118e300f1c746bf7c2a5628) --- diff --git a/crypto/rand/rand_lib.c b/crypto/rand/rand_lib.c index f40c513ce8..e6fcbce7fd 100644 --- a/crypto/rand/rand_lib.c +++ b/crypto/rand/rand_lib.c @@ -200,6 +200,10 @@ size_t rand_drbg_get_entropy(RAND_DRBG *drbg, } err: + /* we need to reset drbg->pool in the error case */ + if (ret == 0 && drbg->pool != NULL) + drbg->pool = NULL; + rand_pool_free(pool); return ret; }