[openssl-dev] [openssl.org #4107] [PATCH] null pointer dereference: bn_wexpand return code not checked in bn_g2fm.c

Pascal Cuoq via RT rt at openssl.org
Mon Oct 26 10:29:43 UTC 2015


The function bn_wexpand() can fail. Most of the invocations in bn_gf2m.c are guarded, but three of them aren't, causing a null pointer dereference when bn_wexpand() fails:

https://github.com/openssl/openssl/blob/3f6c7691870d1cd2ad0e0c83638cef3f35a0b548/crypto/bn/bn_gf2m.c#L700

If the calls to bn_wexpand() are guarded as in the attached patch, the null pointer dereferences no longer occur.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: bn_wexpand.patch
Type: application/octet-stream
Size: 911 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20151026/f2f7279c/attachment.obj>
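
The pattern described in the report, as an added example that is not part of the original message, the attached patch, or OpenSSL's code. The names `toy_bn`, `toy_wexpand` and `fail_next_alloc` are hypothetical; the model assumes an expand routine that returns NULL on failure and leaves the number unchanged.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical simplified big number, not OpenSSL's BIGNUM. */
typedef struct { unsigned long *d; int top; int dmax; } toy_bn;

static int fail_next_alloc = 0;   /* hook: simulate out-of-memory once */

/* Assumed contract: returns NULL on failure and leaves the number,
 * including a NULL word pointer, unchanged. */
static toy_bn *toy_wexpand(toy_bn *a, int words)
{
    if (words <= a->dmax) return a;
    if (fail_next_alloc) { fail_next_alloc = 0; return NULL; }
    unsigned long *p = realloc(a->d, (size_t)words * sizeof(*p));
    if (p == NULL) return NULL;
    memset(p + a->dmax, 0, (size_t)(words - a->dmax) * sizeof(*p));
    a->d = p; a->dmax = words;
    return a;
}

/* Unguarded pattern: if the expand fails on a fresh number, r->d is
 * still NULL and the loop writes through it. Shown for comparison. */
int toy_copy_unchecked(toy_bn *r, const toy_bn *a)
{
    toy_wexpand(r, a->top);                /* return value ignored */
    for (int i = 0; i < a->top; i++) r->d[i] = a->d[i];
    r->top = a->top;
    return 1;
}

/* Guarded pattern: report the failure before touching r->d. */
int toy_copy_checked(toy_bn *r, const toy_bn *a)
{
    if (toy_wexpand(r, a->top) == NULL) return 0;
    for (int i = 0; i < a->top; i++) r->d[i] = a->d[i];
    r->top = a->top;
    return 1;
}

/* Guarded copy under a simulated allocation failure: returns 0. */
int demo_checked_under_failure(void)
{
    unsigned long words[2] = { 7, 9 };     /* constructed sample value */
    toy_bn a = { words, 2, 2 }, r = { NULL, 0, 0 };
    fail_next_alloc = 1;
    return toy_copy_checked(&r, &a);
}

int main(void) { return demo_checked_under_failure() == 0 ? 0 : 1; }
```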