[openssl-dev] [openssl.org #3786] [PATCH] Check return value of CRYPTO_malloc

Loganaden Velvindron via RT rt at openssl.org
Tue Apr 7 07:23:33 UTC 2015


Hi folks,

As reported by Nicholas Lemonias:

crypto_malloc() value is not checked in CRYPTO_strdup.

Patch URL:
http://elandsys.com/~logan/mem.c.diff


Patch here:

diff --git a/crypto/mem.c b/crypto/mem.c
index 2ce3e89..b9badbf 100644
--- a/crypto/mem.c
+++ b/crypto/mem.c
@@ -364,6 +364,8 @@ void *CRYPTO_malloc(int num, const char *file, int line)
 char *CRYPTO_strdup(const char *str, const char *file, int line)
 {
     char *ret = CRYPTO_malloc(strlen(str) + 1, file, line);
+    if (ret == NULL)
+ return NULL;

     strcpy(ret, str);
     return ret;




-- 
This message is strictly personal and the opinions expressed do not
represent those of my employers, either past or present.




More information about the openssl-dev mailing list