[openssl-dev] [openssl.org #4372] [PATCH] Missing sanity check for OPENSSL_malloc() in openssl-1.0.2g in th-lock.c
Bill Parker via RT
rt at openssl.org
Wed Mar 2 17:24:50 UTC 2016
Hello All,
In reviewing code in OpenSSL-1.0.2g, in directory 'crypto/threads', file
'th-lock.c', in function 'CRYPTO_thread_setup', there is a call to
OPENSSL_malloc() which is not checked for a return value of NULL,
indicating failure.
The patch file below should address/correct this issue:
--- th-lock.c.orig 2016-03-01 18:46:39.633840674 -0800
+++ th-lock.c 2016-03-01 18:47:40.408564829 -0800
@@ -177,6 +177,10 @@
return;
}
lock_count = OPENSSL_malloc(CRYPTO_num_locks() * sizeof(long));
+ if (!lock_count) {
+ /* Nothing we can do about this...void function! */
+ return;
+ }
for (i = 0; i < CRYPTO_num_locks(); i++) {
lock_count[i] = 0;
# ifdef USE_MUTEX
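Review bot: the added `if (!lock_count)` branch returns without undoing anything done earlier in CRYPTO_thread_setup. The context just above it closes another early-exit block (`return; }`), so if that block guards an earlier allocation, that buffer is leaked on this new path and should be released with OPENSSL_free() before the return. Because the function is void, as the added comment notes, the caller also cannot tell that setup stopped before the `for` loop that initialises each lock; a follow-up that reports the failure (a status return or at least an error log) would keep an application from continuing to run threads without its locks in place.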
=======================================================================
Bill Parker (wp02855 at gmail dot com)
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4372
Please log in as guest with password guest if prompted