Bug in EVP_MD_CTX_copy_ex's malloc failure handling
David Benjamin
davidben at google.com
Wed Dec 16 23:34:33 UTC 2015
EVP_MD_CTX_copy_ex is implemented with memcpy, followed by manually fixing
up |out->pctx| and |out->md_data|.
https://git.openssl.org/gitweb/?p=openssl.git;a=blob;f=crypto/evp/digest.c;h=5da0e01039a6da039942db9f1bf8b70753f509f2;hb=HEAD#l292
If allocating |out->md_data| fails, then both |out->pctx| and |in->pctx|
may point to the same EVP_PKEY_CTX and freeing |out| will cause problems.
We fixed this by not using memcpy.
https://boringssl.googlesource.com/boringssl/+/306ece31bcaaed49e0240a2e5555f8901ebb2d45%5E%21/crypto/digest/digest.c
David
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-bugs-mod/attachments/20151216/91b09291/attachment.html>
More information about the openssl-bugs-mod
mailing list