[openssl-dev] [openssl.org #3786] [PATCH] Check return value of CRYPTO_malloc
Loganaden Velvindron via RT
rt at openssl.org
Tue Apr 7 07:23:33 UTC 2015
Hi folks,
As reported by Nicholas Lemonias:
crypto_malloc() value is not checked in CRYPTO_strdup.
Patch URL:
http://elandsys.com/~logan/mem.c.diff
Patch here:
diff --git a/crypto/mem.c b/crypto/mem.c
index 2ce3e89..b9badbf 100644
--- a/crypto/mem.c
+++ b/crypto/mem.c
@@ -364,6 +364,8 @@ void *CRYPTO_malloc(int num, const char *file, int line)
char *CRYPTO_strdup(const char *str, const char *file, int line)
{
char *ret = CRYPTO_malloc(strlen(str) + 1, file, line);
+ if (ret == NULL)
+ return NULL;
strcpy(ret, str);
return ret;
--
This message is strictly personal and the opinions expressed do not
represent those of my employers, either past or present.
More information about the openssl-dev
mailing list