[openssl-dev] [openssl.org #4185] Bug in EVP_MD_CTX_copy_ex's malloc failure handling

Kurt Roeckx via RT rt at openssl.org
Thu Dec 17 19:43:25 UTC 2015


On Wed, Dec 16, 2015 at 11:34:56PM +0000, David Benjamin via RT wrote:
> EVP_MD_CTX_copy_ex is implemented with memcpy, followed by manually fixing
> up |out->pctx| and |out->md_data|.
> 
> https://git.openssl.org/gitweb/?p=openssl.git;a=blob;f=crypto/evp/digest.c;h=5da0e01039a6da039942db9f1bf8b70753f509f2;hb=HEAD#l292
> 
> If allocating |out->md_data| fails, then both |out->pctx| and |in->pctx|
> may point to the same EVP_PKEY_CTX and freeing |out| will cause problems.
> 
> We fixed this by not using memcpy.
> https://boringssl.googlesource.com/boringssl/+/306ece31bcaaed49e0240a2e5555f8901ebb2d45%5E%21/crypto/digest/digest.c

This patch won't apply as is since we have more fields (engine,
flags).

We also don't have pctx_ops, but have update instead, but already
seem to copy that anyway.


Kurt
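The failure mode reported above, as an added example that is not part of this thread and is neither OpenSSL's nor BoringSSL's code: a simplified model of copying a context with memcpy and fixing up the owned pointers afterwards, next to a copy that writes to |out| only after every allocation has succeeded. The types struct md_ctx and struct pkey_ctx, the helper xmemdup, the fail_alloc hook and all function names are hypothetical stand-ins.

```c
#include <stdlib.h>
#include <string.h>

/* Simplified stand-ins (assumed for illustration), not OpenSSL's types. */
struct pkey_ctx { int id; };
struct md_ctx { size_t ctx_size; void *md_data; struct pkey_ctx *pctx; };

static int fail_alloc;  /* test hook: make every allocation fail */
static void *xmemdup(const void *p, size_t n) {
    void *d = fail_alloc ? NULL : malloc(n);
    return d ? memcpy(d, p, n) : NULL;
}

/* Pattern from the report: memcpy first, fix up owned pointers afterwards. */
int copy_memcpy(struct md_ctx *out, const struct md_ctx *in) {
    memcpy(out, in, sizeof(*out));      /* out now aliases in's pointers */
    if (in->md_data && in->ctx_size) {
        out->md_data = xmemdup(in->md_data, in->ctx_size);
        if (out->md_data == NULL)
            return 0;                   /* out->pctx still equals in->pctx */
    }
    if (in->pctx && !(out->pctx = xmemdup(in->pctx, sizeof(*in->pctx))))
        return 0;
    return 1;
}

/* Build owned copies in locals; write to out (assumed already reset) last. */
int copy_fieldwise(struct md_ctx *out, const struct md_ctx *in) {
    void *data = NULL, *pctx = NULL;
    if (in->md_data && in->ctx_size &&
        !(data = xmemdup(in->md_data, in->ctx_size)))
        return 0;
    if (in->pctx && !(pctx = xmemdup(in->pctx, sizeof(*in->pctx)))) {
        free(data);
        return 0;
    }
    *out = (struct md_ctx){ in->ctx_size, data, pctx };
    return 1;
}

/* Returns 1 if a copy that fails on allocation leaves out sharing in's pctx. */
int aliased_after_failure(int (*copy)(struct md_ctx *, const struct md_ctx *)) {
    struct pkey_ctx key = { 1 };        /* constructed sample input */
    char state[16] = { 0 };
    struct md_ctx in = { sizeof(state), state, &key }, out = { 0, NULL, NULL };
    fail_alloc = 1;
    int ok = copy(&out, &in);
    fail_alloc = 0;
    return !ok && out.pctx == in.pctx;
}
```

A caller that cleans up both contexts after the memcpy variant fails would release the shared pctx twice; with the second variant |out| owns nothing after a failure.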