[openssl-dev] [openssl.org #4518] OpenSSL-1.1.0-pre5 RSA_set0_key and related RSA_get0_*, RSA_set0_*, DSA_set0_* and DSA_get0_* problems
Douglas E Engert
deengert at gmail.com
Tue Apr 26 19:49:17 UTC 2016
On 4/26/2016 1:20 PM, Salz, Rich wrote:
>> Look. If Doug noticed this, programmers less intimate with this API are much
>> more likely to get stung by it. The protection against such a misunderstanding
>> is cheap.
>
>
> Is it? And what is that protection? Without introducing memory leaks.
In RSA_set0_key:
After any type of NULL test:
if (e != rsa->e) {
BN_free(rsa->e);
rsa->e = e;
}
>
--
Douglas E. Engert <DEEngert at gmail.com>
More information about the openssl-dev
mailing list