blob: 3e93fe4e22c94503df6f9cccbc39088d36a6e797 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
|
openssl: avoid NULL pointer dereference in dh_pub_encode()/dsa_pub_encode()
We should avoid accessing the pointer if ASN1_STRING_new()
allocates memory failed.
Upstream-Status: Submitted
http://www.mail-archive.com/openssl-dev@openssl.org/msg32859.html
Signed-off-by: Xufeng Zhang <xufeng.zhang@windriver.com>
---
--- a/crypto/dh/dh_ameth.c
+++ b/crypto/dh/dh_ameth.c
@@ -139,6 +139,12 @@
dh=pkey->pkey.dh;
str = ASN1_STRING_new();
+ if (!str)
+ {
+ DHerr(DH_F_DH_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
str->length = i2d_DHparams(dh, &str->data);
if (str->length <= 0)
{
--- a/crypto/dsa/dsa_ameth.c
+++ b/crypto/dsa/dsa_ameth.c
@@ -148,6 +148,11 @@
{
ASN1_STRING *str;
str = ASN1_STRING_new();
+ if (!str)
+ {
+ DSAerr(DSA_F_DSA_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
str->length = i2d_DSAparams(dsa, &str->data);
if (str->length <= 0)
{
|