Hello All, In reviewing code in OpenSSL-1.0.2g, in directory 'crypto/threads', file 'th-lock.c', in function 'CRYPTO_thread_setup', there is a call to OPENSSL_malloc() which is not checked for a return value of NULL, indicating failure.
The patch file below should address/correct this issue:
--- th-lock.c.orig 2016-03-01 18:46:39.633840674 -0800
+++ th-lock.c 2016-03-01 18:47:40.408564829 -0800
@@ -177,6 +177,10 @@
return;
}
lock_count = OPENSSL_malloc(CRYPTO_num_locks() * sizeof(long));
+ if (!lock_count) {
+ /* Nothing we can do about this...void function! */
+ return;
+ }
for (i = 0; i < CRYPTO_num_locks(); i++) {
lock_count[i] = 0;
# ifdef USE_MUTEX
=======================================================================
Bill Parker (wp02855 at gmail dot com)
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4372
Please log in as guest with password guest if prompted
th-lock.c.patch
Description: Binary data
-- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
