In this code (dsa_asn1.c):
71 static int sig_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
72 {
73     if(operation == ASN1_OP_NEW_PRE) {
74         DSA_SIG *sig;
75         sig = OPENSSL_malloc(sizeof(DSA_SIG));
76         sig->r = NULL;
77         sig->s = NULL;
78         *pval = (ASN1_VALUE *)sig;
79         if(sig) return 2;
80         DSAerr(DSA_F_SIG_CB, ERR_R_MALLOC_FAILURE);
81         return 0;
82     }
83     return 1;
84 }
At line 79, we check if sig is null (which means we believe it's
plausibly null), but a few lines back, we dereferenced that pointer.
(FTR, this defect was found by Coverity Prevent.)
Michael
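
The check-before-use ordering the report points at, as an added example that is not part of the original message and not OpenSSL's code or its eventual fix. The demo_* names and the fault-injecting allocator are stand-ins assumed here so the allocation-failure path can be exercised.

```c
#include <stdio.h>
#include <stdlib.h>

/* Stand-ins for this example only; not OpenSSL's types or API. */
typedef struct { void *r; void *s; } demo_sig;   /* plays the role of DSA_SIG */
enum { DEMO_OP_NEW_PRE = 0 };                    /* plays the role of ASN1_OP_NEW_PRE */

static int demo_fail_next_alloc = 0;             /* fault injection switch */
/* Allocator wrapper that can be told to fail once, to exercise the error path. */
static void *demo_malloc(size_t n)
{
    if (demo_fail_next_alloc) {
        demo_fail_next_alloc = 0;
        return NULL;
    }
    return malloc(n);
}

/* Same shape as sig_cb, but the NULL test comes before any write through sig. */
static int demo_sig_cb(int operation, void **pval)
{
    if (operation == DEMO_OP_NEW_PRE) {
        demo_sig *sig = demo_malloc(sizeof(*sig));
        if (sig == NULL) {
            *pval = NULL;      /* caller sees NULL, never a stale pointer */
            return 0;          /* report allocation failure */
        }
        sig->r = NULL;
        sig->s = NULL;
        *pval = sig;
        return 2;              /* same success code as the quoted callback */
    }
    return 1;
}

/* Forces the allocation to fail; returns 0 if the callback handled it cleanly. */
static int demo_run_failure_path(void)
{
    void *val = (void *)&demo_fail_next_alloc;   /* non-NULL sentinel */
    demo_fail_next_alloc = 1;
    int rc = demo_sig_cb(DEMO_OP_NEW_PRE, &val);
    return (rc == 0 && val == NULL) ? 0 : -1;
}

int main(void)
{
    printf("failure path ok: %d\n", demo_run_failure_path() == 0);
    return 0;
}
```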