[openssl-commits] [openssl] master update

matthias.st.pierre at ncp-e.com matthias.st.pierre at ncp-e.com
Mon Oct 22 12:56:08 UTC 2018

The branch master has been updated
       via  5b4cb385c18a5bb4e118e300f1c746bf7c2a5628 (commit)
      from  d8cac50b023be249cdaba054f43acecf17025ce4 (commit)

- Log -----------------------------------------------------------------
commit 5b4cb385c18a5bb4e118e300f1c746bf7c2a5628
Author: Dr. Matthias St. Pierre <Matthias.St.Pierre at ncp-e.com>
Date:   Sat Oct 20 16:53:09 2018 +0200

    RAND_add(): fix heap corruption in error path
    This bug was introduced by #7382 which enhanced RAND_add() to
    accept large buffer sizes. As a consequence, RAND_add() now fails
    for buffer sizes less than 32 bytes (i.e. less than 256 bits).
    In addition, rand_drbg_get_entropy() forgets to reset the attached
    drbg->pool in the case of an error, which leads to the heap corruption.
    The problem occurred with RAND_load_file(), which reads the file in
    chunks of 1024 bytes each. If the size of the final chunk is less than
    32 bytes, then RAND_add() fails, whence RAND_load_file() fails
    silently for buffer sizes n = k * 1024 + r with r = 1,...,31.
    This commit fixes the heap corruption only. The other issues will
    be addressed in a separate pull request.
    Thanks to Gisle Vanem for reporting this issue.
    Fixes #7449
    Reviewed-by: Paul Dale <paul.dale at oracle.com>
    (Merged from https://github.com/openssl/openssl/pull/7455)


Summary of changes:
 crypto/rand/rand_lib.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/crypto/rand/rand_lib.c b/crypto/rand/rand_lib.c
index f40c513..e6fcbce 100644
--- a/crypto/rand/rand_lib.c
+++ b/crypto/rand/rand_lib.c
@@ -200,6 +200,10 @@ size_t rand_drbg_get_entropy(RAND_DRBG *drbg,
+    /* we need to reset drbg->pool in the error case */
+    if (ret == 0 && drbg->pool != NULL)
+        drbg->pool = NULL;
     return ret;

More information about the openssl-commits mailing list