Fixed with commit a03f81f, will be part of next 1.0.2 release. Thanks!
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4386
Please log in as guest with password guest if prompted
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Dr. Dale,
I actually saw that, but forgot to correct it before sending (my
bad)...:(
Bill
On Mon, Mar 7, 2016 at 1:44 PM, paul.d...@oracle.com via RT
wrote:
> If one of the allocation calls succeeds and the other fails, the patched
> code will leak memory.
> It needs something along the li
If one of the allocation calls succeeds and the other fails, the patched code
will leak memory.
It needs something along the lines of:
if (order != NULL) BN_clear_free(order);
if (d != NULL) BN_clear_free(d);
in the failure case code.
Pauli
--
Oracle
Dr Paul Dale | Cryptographer | Network Se
If one of the allocation calls succeeds and the other fails, the patched code
will leak memory.
It needs something along the lines of:
if (order != NULL) BN_clear_free(order);
if (d != NULL) BN_clear_free(d);
in the failure case code.
Pauli
--
Oracle
Dr Paul Dale | Cryptographer | Network Se
Hello All,
In reviewing code in directory 'engines/ccgost', file 'gost2001.c',
there are two calls to BN_new() which are not checked for a return
value of NULL, indicating failure.
The patch file below should address/correct this issue:
--- gost2001.c.orig 2016-03-06 11:32:49.676178425 -0800