Hello All,

In reviewing code in directory 'crypto/conf', file 'conf_mod.c', there is a call to OPENSSL_strdup() which is not checked for a return value of NULL, indicating failure.
The patch file below adds the test, and releases the previously allocated
memory assigned to 'tmod':
--- conf_mod.c.orig 2016-03-08 18:05:52.017031376 -0800
+++ conf_mod.c 2016-03-08 18:08:22.865203402 -0800
@@ -284,6 +284,10 @@
tmod->dso = dso;
tmod->name = OPENSSL_strdup(name);
+ if (tmod->name == NULL) {
+ OPENSSL_free(tmod);
+ return NULL;
+ }
tmod->init = ifunc;
tmod->finish = ffunc;
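Review bot: The new failure branch after `tmod->name = OPENSSL_strdup(name);` frees `tmod` and returns NULL without recording an error, and it leaves the fate of `dso` (assigned to `tmod->dso` one line earlier) unstated. If other NULL returns from this function mean something different, the caller cannot tell an allocation failure apart from them, so consider pushing a malloc-failure error onto the error queue before `return NULL;`. Please also confirm, and say in the commit message or a comment, that the caller still owns `dso` on this path and releases it; otherwise freeing only `tmod` trades a NULL-name module for a leaked DSO handle. It would be cleaner to do the `OPENSSL_strdup()` check before any other field of `tmod` is populated, so the error path has no partially initialised state to reason about.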
=======================================================================
Bill Parker (wp02855 at gmail dot com)
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4404
Please log in as guest with password guest if prompted
-- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
