[openssl-commits] [openssl] master update

Matt Caswell matt at openssl.org
Tue Nov 17 11:20:12 UTC 2015

The branch master has been updated
       via  d73ca3efa74bbb620a1e74deb5eec6f3d10203d5 (commit)
      from  e4693b4e2a0c3f6241d4d3e61460c34c7e0013f6 (commit)

- Log -----------------------------------------------------------------
commit d73ca3efa74bbb620a1e74deb5eec6f3d10203d5
Author: Matt Caswell <matt at openssl.org>
Date:   Tue Nov 10 23:12:36 2015 +0000

    Remove an NULL ptr deref in an error path
    The |passwd| variable in the code can be NULL if it goes to the err label.
    Therefore we cannot call strlen on it without first checking that it is non
    Reviewed-by: Kurt Roeckx <kurt at openssl.org>


Summary of changes:
 ssl/tls_srp.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/ssl/tls_srp.c b/ssl/tls_srp.c
index 91b88cd..64a3f23 100644
--- a/ssl/tls_srp.c
+++ b/ssl/tls_srp.c
@@ -393,7 +393,8 @@ int srp_generate_client_master_secret(SSL *s)
-    OPENSSL_clear_free(passwd, strlen(passwd));
+    if (passwd != NULL)
+        OPENSSL_clear_free(passwd, strlen(passwd));
     return ret;

More information about the openssl-commits mailing list