Best is to (re)send this message to [email protected], so it gets
assigned a ticket #.
Doesn't guarantee you get served, but anyway that's the 'preferred'
way of sending in patches with bug reports like this to have them
included in OpenSSL.

On Wed, Mar 4, 2009 at 9:47 PM, Marsh Ray <[email protected]> wrote:
> Hello Devs,
>
> I work on a commercial product that uses OpenSSL internally (0.9.8j).
> Recently, we received a crash dump from a customer in the field (our
> first I think), and we believe we tracked it down to a leak on our
> part.
>
> Nevertheless, it would be nice if memory exhaustion didn't lead to
> dereferencing a null pointer. :-) It appears that PKCS12_add_safes is
> coded to return NULL in such a situation. Then PKCS12_set_mac passes
> p12 to PKCS12_setup_mac which promptly dereferences it.
>
> Would you please consider accepting this patch?
>
> Thanks,
>
> - Marsh
>
> --- crypto\pkcs12\p12_crt.c   Wed Mar  4 13:37:26 2009
> +++ crypto\pkcs12\p12_crt.c    Wed Mar  4 12:44:40 2009
> @@ -168,7 +168,8 @@ PKCS12 *PKCS12_create(char *pass, char *
>         sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
>         bags = NULL;
>
> -       p12 = PKCS12_add_safes(safes, 0);
> +       if (!(p12 = PKCS12_add_safes(safes, 0)))
> +               goto err;
>
>         sk_PKCS7_pop_free(safes, PKCS7_free);
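Review bot: The new "goto err" after PKCS12_add_safes(safes, 0) skips the sk_PKCS7_pop_free(safes, PKCS7_free) call on the next line, so the err path has to free safes itself and has to cope with p12 being NULL. That label is outside this hunk, so please confirm that it does both, otherwise the fix trades the NULL dereference for a leak on the very out-of-memory path it handles. A smaller style point: the assignment inside the condition would read more clearly split in two, "p12 = PKCS12_add_safes(safes, 0);" followed by "if (!p12) goto err;". Since the message notes that PKCS12_setup_mac dereferences p12 directly, a NULL check in PKCS12_set_mac would also protect other callers.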
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> Development Mailing List                       [email protected]
> Automated List Manager                           [email protected]
>
>



-- 
Met vriendelijke groeten / Best regards,

Ger Hobbelt

--------------------------------------------------
web:    http://www.hobbelt.com/
        http://www.hebbut.net/
mail:   [email protected]
mobile: +31-6-11 120 978
--------------------------------------------------