Memory leak in DSA redo case

David Benjamin davidben at google.com
Wed Dec 16 21:44:07 UTC 2015


dsa_do_sign retries the operation if |r| or |s| end up zero. This results
in leaking the first iteration's value of |ret| since you end up clobbering
the previous allocation.
https://git.openssl.org/gitweb/?p=openssl.git;a=blob;f=crypto/dsa/dsa_ossl.c;h=34b4a4ea4a267b62b21916a85ab79350cd276065;hb=HEAD#l135

The fix is to switch the order of the check and allocating |ret|. See
https://boringssl.googlesource.com/boringssl/+/2936170d68ec617e1e6f0c2def86728ba29312b7%5E%21/#F0

(This was found via clang's scan-build tool.)

David
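
The retry pattern described in the message above, modelled as an added example; this is not OpenSSL's or BoringSSL's code. `toy_sig`, `next_r`, `sign_leaky`, `sign_fixed` and `leaked_after` are hypothetical names, the signing math is simulated, and a counter of live allocations makes the leak observable.

```c
#include <stdlib.h>

/* Hypothetical stand-in for a signature object; not OpenSSL's DSA_SIG. */
typedef struct { int r, s; } toy_sig;
static int live_allocs = 0;   /* outstanding toy_sig allocations */

static toy_sig *toy_sig_new(void) {
    toy_sig *p = calloc(1, sizeof *p);
    if (p) live_allocs++;
    return p;
}
static void toy_sig_free(toy_sig *p) { if (p) { free(p); live_allocs--; } }

/* Simulated math: r comes out zero for the first *zero_rounds attempts. */
static int next_r(int *zero_rounds) {
    if (*zero_rounds > 0) { (*zero_rounds)--; return 0; }
    return 7;
}

/* Leaky shape: allocate the result, then check and jump back to redo. */
toy_sig *sign_leaky(int zero_rounds) {
    toy_sig *ret;
    int r, s = 11;
redo:
    r = next_r(&zero_rounds);
    ret = toy_sig_new();              /* on redo, the old pointer is lost */
    if (ret == NULL) return NULL;
    if (r == 0 || s == 0) goto redo;
    ret->r = r; ret->s = s;
    return ret;
}

/* Fixed shape: check first, allocate only once r and s are accepted. */
toy_sig *sign_fixed(int zero_rounds) {
    toy_sig *ret;
    int r, s = 11;
    do { r = next_r(&zero_rounds); } while (r == 0 || s == 0);
    ret = toy_sig_new();
    if (ret == NULL) return NULL;
    ret->r = r; ret->s = s;
    return ret;
}

/* Allocations still outstanding after the caller frees the result. */
int leaked_after(toy_sig *(*sign)(int), int zero_rounds) {
    int before = live_allocs;
    toy_sig_free(sign(zero_rounds));
    return live_allocs - before;
}
```

Each retry in `sign_leaky` strands one allocation, so the leak only appears on the rarely taken redo path, which is why a path-sensitive static analyzer is a good fit for finding it.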


More information about the openssl-bugs-mod mailing list