The following patch helps me
--- openssl-1.0.2f/crypto/srp/srp_vfy.c 2016-01-28 14:38:31.000000000 +0100
+++ openssl-1.0.2f-patched/crypto/srp/srp_vfy.c 2016-03-02 12:18:01.320339059
+0100
@@ -588,8 +588,12 @@
BN_free(N_bn);
BN_free(g_bn);
}
- OPENSSL_cleanse(vf, vfsize);
- OPENSSL_free(vf);
+
+ if (vf) {
+ OPENSSL_cleanse(vf, vfsize);
+ OPENSSL_free(vf);
+ }
+
BN_clear_free(s);
BN_clear_free(v);
return result;
note that it seems to be fixed in more recent openssl versions.
** Tags added: patch
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1551274
Title:
creating SRP file crashes openssl
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1551274/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
