Hi,

Recently, I found some bugs in ver. 1.0.2d.

DESCRIPTION
_____

1. Line 122 in a_enum.c:
   return (0xffffffffL);
   I think it should be "return -1;".

2. Line 149 in a_enum.c:
   if (BN_is_negative(bn))
   I think it should be "if (BN_is_negative(bn) && !BN_is_zero(bn))".

3. Line 161 and line 164 in f_string.c:
   sp = (unsigned char *)OPENSSL_malloc((unsigned int)num + i * 2);
   sp = (unsigned char *)OPENSSL_realloc(s, (unsigned int)num + i * 2);
   Allocation "num + i" is enough.

4. Function a2i_ASN1_STRING in f_string.c. The processing of content containing "\\" is not correct.

5. Function a2i_ASN1_STRING in f_string.c. There is a memory leak when the content is like "1234567\\\r\n890".

6. Line 155 and line 158 in f_enum.c:
   sp = (unsigned char *)OPENSSL_malloc((unsigned int)num + i * 2);
   sp = (unsigned char *)OPENSSL_realloc(s, (unsigned int)num + i * 2);
   Allocation "num + i" is enough.

7. Function a2i_ASN1_ENUMERATED in f_enum.c. The processing of content containing "\\" is not correct.

8. Function a2i_ASN1_ENUMERATED in f_enum.c. There is a memory leak when the content is like "1234567\\\r\n890".

9. Line 169 and line 172 in f_int.c:
   sp = (unsigned char *)OPENSSL_malloc((unsigned int)num + i * 2);
   sp = OPENSSL_realloc_clean(s, slen, num + i * 2);
   Allocation "num + i" is enough.

10. Function a2i_ASN1_INTEGER in f_int.c. The processing of content containing "\\" is not correct.

11. Function a2i_ASN1_INTEGER in f_int.c. There is a memory leak when the content is like "1234567\\\r\n890".

12. Line 226 in t1_ext.c:
    exts->meths = OPENSSL_realloc(exts->meths, (exts->meths_count + 1) * sizeof(custom_ext_method));
    There's a risk of memory leaks.

13. Line 896 in ssl_rsa.c:
    ctx->cert->key->serverinfo = OPENSSL_realloc(ctx->cert->key->serverinfo, serverinfo_length);
    There's a risk of memory leaks.

14. Line 979 in ssl_rsa.c:
    serverinfo = OPENSSL_realloc(serverinfo, serverinfo_length + extension_length);
    There's a risk of memory leaks.

15. Line 366 in openbsd_hw.c:
    md_data->data = OPENSSL_realloc(md_data->data, md_data->len + len);
    There's a risk of memory leaks.

16. Line 812 in eng_cryptodev.c:
    state->mac_data = OPENSSL_realloc(state->mac_data, state->mac_len + count);
    There's a risk of memory leaks.

17. Line 899 in b_sock.c:
    p = OPENSSL_realloc(p, nl);
    There's a risk of memory leaks.

18. Line 724 in b_print.c:
    *buffer = OPENSSL_realloc(*buffer, *maxlen);
    There's a risk of memory leaks.

19. Line 117 in engine.c:
    *buf = OPENSSL_realloc(*buf, *size);
    There's a risk of memory leaks.

Thanks,
Shi Lei / Qihoo 360 Inc.

--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4585
Please log in as guest with password guest if prompted
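The "risk of memory leaks" in items 12 to 19 is the classic `p = realloc(p, n)` pattern: if the allocator fails it returns NULL but leaves the old block allocated, and assigning that NULL over `p` drops the only pointer to it. The following is an added example written for this page, not code from the mail or from OpenSSL. It uses a stand-in allocator `our_realloc()` with a hypothetical failure hook (`fail_next_realloc`) so the failure path can be exercised, and a small constructed `struct buf` in place of the real OpenSSL structures. `append_leaky()` mirrors the reported pattern; `append_safe()` is the usual fix of growing into a temporary and committing only on success.

```c
/*
 * Added example (not OpenSSL code): why `p = realloc(p, n)` leaks on failure.
 * our_realloc() is a stand-in for OPENSSL_realloc() with a hypothetical
 * hook that forces one failure, standing in for an out-of-memory condition.
 */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical test hook: when nonzero, the next our_realloc() fails. */
static int fail_next_realloc = 0;

static void *our_realloc(void *p, size_t n)
{
    if (fail_next_realloc) {
        fail_next_realloc = 0;
        return NULL;           /* like real realloc(): old block stays allocated */
    }
    return realloc(p, n);
}

/* Constructed growable buffer standing in for the real structures. */
struct buf {
    unsigned char *data;
    size_t len;
};

/* Pattern reported in the mail: the old pointer is overwritten before the
 * result is checked, so on failure b->data becomes NULL and the original
 * block can never be freed by the caller. */
static int append_leaky(struct buf *b, const unsigned char *src, size_t n)
{
    b->data = our_realloc(b->data, b->len + n);
    if (b->data == NULL)
        return 0;              /* old b->data is already lost here */
    memcpy(b->data + b->len, src, n);
    b->len += n;
    return 1;
}

/* Hardened form: grow into a temporary and only commit on success, so the
 * caller still owns (and can free) the old block after a failure. */
static int append_safe(struct buf *b, const unsigned char *src, size_t n)
{
    unsigned char *tmp = our_realloc(b->data, b->len + n);
    if (tmp == NULL)
        return 0;              /* b->data unchanged and still valid */
    b->data = tmp;
    memcpy(b->data + b->len, src, n);
    b->len += n;
    return 1;
}

/* Drives one append function through a failing grow.
 * Returns 1 if the buffer still references its old block afterwards,
 * 0 if the pointer was clobbered (the leak case). */
static int demo(int (*append)(struct buf *, const unsigned char *, size_t))
{
    struct buf b = { NULL, 0 };
    unsigned char *orig;
    int kept;

    if (!append(&b, (const unsigned char *)"abc", 3))
        return -1;
    /* Kept only so this demo can clean up; a real caller has no such copy. */
    orig = b.data;

    fail_next_realloc = 1;
    (void)append(&b, (const unsigned char *)"def", 3);
    kept = (b.data == orig && b.len == 3 && memcmp(orig, "abc", 3) == 0);

    free(orig);                /* in the leaky case b.data is NULL; only `orig` saves the block */
    return kept;
}

int main(void)
{
    printf("leaky pattern keeps old block after failed realloc: %d\n", demo(append_leaky));
    printf("safe pattern keeps old block after failed realloc:  %d\n", demo(append_safe));
    return 0;
}
```

The same shape applies to every call listed in items 12 to 19: assign the result of OPENSSL_realloc() to a temporary, check it, and only then store it back into the structure or output pointer.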