[openssl-dev] [openssl.org #4401] [PATCH] plug potential memory leak(s) in OpenSSL 1.1 pre 4 in 'ec_lib.c'
davidben at google.com
Thu Mar 10 15:51:19 UTC 2016
By the way, returning the original subject, I don't believe there is a leak
If EC_GROUP_copy fails, dest still exists and is owned by the caller. It's
the caller's obligation to call EC_GROUP_free and that will release the
partially-copied EC_GROUP. (Which will, with this patch, cause a
double-free because the unnecessarily freed pointers aren't nulled.)
On Wed, Mar 9, 2016 at 1:00 PM Bill Parker via RT <rt at openssl.org> wrote:
> What did I start here (egad) :)
> On Wed, Mar 9, 2016 at 5:03 AM, Salz, Rich via RT <rt at openssl.org> wrote:
> > > No, you got that right, NULL being 'safe' to free varies with OS.
> > Except we mandate ANSI C which means it's portable :)
> > --
> > Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4401
> > Please log in as guest with password guest if prompted
> Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4401
> Please log in as guest with password guest if prompted
> openssl-dev mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the openssl-dev