[jaenicke - Mon Dec  1 09:08:26 2003]:

> On Sat, Nov 29, 2003 at 12:07:01AM +0100, Richard Levitte via RT wrote:
[...]
> >
> > One way to solve that would be for CRYPTO_malloc() to return NULL if it
> > gets 0 as the size to allocate.
>
> Yes, that would be ok. We however also should explicitly take care of the
> issue behind it: in evp_enc.c:151, memory for cipher_data is allocated without
> checking the length first. If the length is 0, the malloc() should not be
> called and NULL should be set for clarity...

Right.  I just did two commits, one that makes CRYPTO_malloc() and 
friends return NULL when the given size is 0, and one that checks if 
OPENSSL_malloc() returned a NULL in evp_enc.c, and signals an 
appropriate error if it did.

I think that resolves this ticket.  Thanks to all involved.

-- 
Richard Levitte
[EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
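
A minimal C sketch of the two changes discussed in this thread, added here as an illustration and not taken from the OpenSSL commits or source. All `demo_*` names, the struct layout, the return codes and the `demo_force_fail` hook are hypothetical; the sketch also skips the allocation when the size is 0, as the quoted message suggests.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-ins; not OpenSSL's types, functions or error codes. */
typedef struct { size_t ctx_size; } demo_cipher;
typedef struct { const demo_cipher *cipher; void *cipher_data; } demo_ctx;
enum { DEMO_ERR_MALLOC = 0, DEMO_OK = 1 };

static int demo_force_fail = 0;   /* hook to simulate out-of-memory */

/* Allocator wrapper: a zero-size request returns NULL rather than the
 * implementation-defined result of malloc(0). */
static void *demo_malloc(size_t num)
{
    if (num == 0 || demo_force_fail)
        return NULL;
    return malloc(num);
}

/* Caller: allocate only when the cipher has per-context state, so a NULL
 * from the allocator can be reported as a genuine failure. */
static int demo_cipher_init(demo_ctx *ctx, const demo_cipher *cipher)
{
    ctx->cipher = cipher;
    ctx->cipher_data = NULL;
    if (cipher->ctx_size == 0)
        return DEMO_OK;               /* nothing to allocate; not an error */
    ctx->cipher_data = demo_malloc(cipher->ctx_size);
    if (ctx->cipher_data == NULL)
        return DEMO_ERR_MALLOC;       /* signal the failure to the caller */
    return DEMO_OK;
}

static void demo_cipher_cleanup(demo_ctx *ctx)
{
    free(ctx->cipher_data);           /* free(NULL) is a no-op */
    ctx->cipher_data = NULL;
}

int main(void)
{
    demo_cipher none = { 0 }, block = { 64 };   /* constructed sample sizes */
    demo_ctx ctx;
    int rc0 = demo_cipher_init(&ctx, &none);
    int rc1 = demo_cipher_init(&ctx, &block);
    printf("ctx_size 0: rc=%d; ctx_size 64: rc=%d\n", rc0, rc1);
    demo_cipher_cleanup(&ctx);
    return 0;
}
```

Without the `ctx_size == 0` guard, a wrapper that returns NULL for size 0 combined with a NULL check in the caller would report an allocation error for a cipher that simply needs no per-context data.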
