[openssl-dev] [openssl.org #4000] Bug in Branch OpenSSL-fips-2_0-stable; file rsa_x931g.c

Stuart, Harold via RT rt at openssl.org
Tue Aug 11 00:09:50 UTC 2015


The Blue Coat Systems cryptography team is reviewing our usage of OpenSSL and has discovered the following minor bug. We do not believe that this bug is exploitable.

In branch OpenSSL-fips-2_0-stable, file rsa_x931g.c, observe the function RSA_X931_derive_ex. At line 84 we see the following:

    if (!rsa)
        goto err;

However, at line 190 we see this:

    err:
    if (ctx)
        {
        BN_CTX_end(ctx);
        BN_CTX_free(ctx);
        }
    if (ctx2)
        BN_CTX_free(ctx2);
    /* If this is set all calls successful */
    if (rsa->iqmp != NULL)
        return 1;

Note that the variable rsa is dereferenced, even though it is possible that it can be NULL at this point.
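
Added example, not part of the original message and not OpenSSL code: the reported control flow reduced to a self-contained C sketch, next to one way to harden it by recording success in a local flag so the cleanup label never reads through rsa. The names toy_rsa, toy_ctx, derive_reported, derive_hardened and live_ctx_count are hypothetical stand-ins.

```c
#include <stdlib.h>
/* Hypothetical stand-ins for RSA and BN_CTX; these are not OpenSSL types. */
typedef struct { int *iqmp; } toy_rsa;
typedef struct { int unused; } toy_ctx;
static int live_ctx = 0;                 /* contexts allocated but not yet freed */

static toy_ctx *toy_ctx_new(void) {
    toy_ctx *c = malloc(sizeof *c);
    if (c) live_ctx++;
    return c;
}
static void toy_ctx_free(toy_ctx *c) {
    if (c) { live_ctx--; free(c); }
}
int live_ctx_count(void) { return live_ctx; }

/* Shape of the reported code: the err label is reachable with rsa == NULL,
 * yet the return value is computed by reading rsa->iqmp. */
int derive_reported(toy_rsa *rsa, int *value) {
    toy_ctx *ctx = NULL;
    if (!rsa)
        goto err;
    ctx = toy_ctx_new();
    if (!ctx || !value)
        goto err;
    rsa->iqmp = value;
err:
    toy_ctx_free(ctx);
    if (rsa->iqmp != NULL)               /* NULL dereference when rsa == NULL */
        return 1;
    return 0;
}

/* Hardened shape: success is tracked in a local flag, so the cleanup path
 * does not depend on rsa and every exit still releases ctx. */
int derive_hardened(toy_rsa *rsa, int *value) {
    toy_ctx *ctx = NULL;
    int ok = 0;
    if (!rsa)
        goto err;
    ctx = toy_ctx_new();
    if (!ctx || !value)
        goto err;
    rsa->iqmp = value;
    ok = 1;
err:
    toy_ctx_free(ctx);
    return ok;
}
```

derive_reported is safe to call only with a non-NULL rsa; derive_hardened returns 0 for a NULL rsa and leaves no context allocated on any path.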

