[openssl-dev] [openssl.org #4385] [PATCH] Missing Sanity Checks for RSA_new_method() in OpenSSL-1.0.2g
Bill Parker via RT
rt at openssl.org
Mon Mar 7 17:54:21 UTC 2016
Hello All,
In reviewing source code in directory 'engines', file 'e_4758cca.c',
there are two calls to function 'RSA_new_method()' which are not
checked for a return value of NULL, indicating failure.
The patch file below should address/correct this issue:
--- e_4758cca.c.orig 2016-03-06 11:05:42.053315929 -0800
+++ e_4758cca.c 2016-03-06 11:06:54.996586643 -0800
@@ -463,6 +463,10 @@
(*(long *)keyToken) = keyTokenLength;
rtmp = RSA_new_method(e);
+ if (rtmp == NULL) {
+ CAPIerr(CAPI_F_CAPI_GET_PKEY, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
RSA_set_ex_data(rtmp, hndidx, (char *)keyToken);
rtmp->e = BN_bin2bn(exponent, exponentLength, NULL);
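Review bot: the error macro in the added check, `CAPIerr(CAPI_F_CAPI_GET_PKEY, ERR_R_MALLOC_FAILURE)`, belongs to the CAPI engine's error namespace, not to e_4758cca.c, so this hunk will not build in the 4758 CCA engine and, even where it did, would attribute the failure to the wrong engine and function. Use this file's own macro and function code, i.e. `CCA4758err(CCA4758_F_IBM_4758_LOAD_PRIVKEY, ERR_R_MALLOC_FAILURE);` for the private-key loader (the matching _LOAD_PUBKEY code for the other one). The `goto err` also relies on the err: label releasing the keyToken buffer that was already allocated at this point (see the `(*(long *)keyToken) = keyTokenLength;` context line); that label is outside the hunk, so confirm it frees keyToken rather than leaking it on this new path.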
@@ -535,6 +539,10 @@
(*(long *)keyToken) = keyTokenLength;
rtmp = RSA_new_method(e);
+ if (rtmp == NULL) {
+ CAPIerr(CAPI_F_CAPI_GET_PKEY, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
RSA_set_ex_data(rtmp, hndidx, (char *)keyToken);
rtmp->e = BN_bin2bn(exponent, exponentLength, NULL);
rtmp->n = BN_bin2bn(modulus, modulusFieldLength, NULL);
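Review bot: same error-namespace problem as the first hunk, and reusing the identical `CAPI_F_CAPI_GET_PKEY` code in both hunks would make the two loaders' failures indistinguishable in the error queue; use `CCA4758err` with the function code for this loader (CCA4758_F_IBM_4758_LOAD_PUBKEY if this is the public-key path). Outside this patch's stated scope, the two trailing `BN_bin2bn(...)` context lines can also return NULL on allocation failure and are stored into `rtmp->e` / `rtmp->n` unchecked, and the return value of `RSA_set_ex_data` is ignored as well; those deserve a follow-up rather than being left as the only remaining unchecked allocations in these functions.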
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4385
Please log in as guest with password guest if prompted
Attachment: e_4758cca.c.patch (application/octet-stream, 788 bytes)
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20160307/b3ddff41/attachment.obj>