Hello,
There are numerous places in OpenSSL, especially in the BN library, where return values of calls to malloc() or calls to functions that can fail due to malloc() are not checked. This can cause at least crashes that I observed when running an application using OpenSSL in low-memory situations (e.g., using ulimit -v). There is also at least one case (rsa_eay.c) where a return value is indeed checked but the error handling is incorrect regarding the destruction of objects on the stack that haven't yet been initialized, again resulting in a crash.

Attached is a diff to fix _some_ instances of these two issues.

Thanks,

--
Adi Stav - developer
Topaz Prism R&D
Mercury Interactive
+972-3-5399481
[EMAIL PROTECTED]

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
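The two bug classes described in the message above, shown in their corrected form as an added example. It is not part of the original post, the attached diff, or OpenSSL's code; `num_t`, `xalloc`, `alloc_budget`, `num_set` and `mirror_add` are hypothetical names, and the fault-injecting allocator stands in for a low-memory run such as one under `ulimit -v`.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a heap-backed object kept on the stack (not OpenSSL's BIGNUM). */
typedef struct { unsigned char *d; size_t len; } num_t;

/* Fault injection: -1 = never fail, N >= 0 = allow N allocations, then return NULL. */
static long alloc_budget = -1;

static void *xalloc(size_t n)
{
    if (alloc_budget == 0) return NULL;
    if (alloc_budget > 0) alloc_budget--;
    return malloc(n);
}

static void num_init(num_t *n) { n->d = NULL; n->len = 0; }
static void num_free(num_t *n) { free(n->d); n->d = NULL; n->len = 0; }

/* Copy len bytes into n. Returns 1 on success, 0 if the allocation failed. */
static int num_set(num_t *n, const unsigned char *src, size_t len)
{
    unsigned char *p = xalloc(len ? len : 1);
    if (p == NULL) return 0;          /* checked: the caller sees the failure */
    memcpy(p, src, len);
    free(n->d);
    n->d = p; n->len = len;
    return 1;
}

/* out[i] = in[i] + in[len-1-i]. Returns 1 on success, 0 on allocation failure. */
int mirror_add(const unsigned char *in, size_t len, unsigned char *out)
{
    num_t a, b;
    size_t i;
    int ok = 0;
    /* Initialise every stack object before the first call that can fail,
     * so the cleanup at err never frees an indeterminate pointer. */
    num_init(&a); num_init(&b);

    if (!num_set(&a, in, len)) goto err;   /* on failure here, b is still empty */
    if (!num_set(&b, in, len)) goto err;   /* on failure here, a is released below */
    for (i = 0; i < len; i++)
        out[i] = (unsigned char)(a.d[i] + b.d[len - 1 - i]);
    ok = 1;
err:
    num_free(&a); num_free(&b);
    return ok;
}
```

Setting `alloc_budget` to 0, 1, 2, ... before each call sweeps the failure point through every allocation in the function, which exercises each error path in turn.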
