40 lines
913 B
Diff
40 lines
913 B
Diff
openssl: avoid NULL pointer dereference in dh_pub_encode()/dsa_pub_encode()
|
|
|
|
We should avoid accessing the pointer if ASN1_STRING_new()
|
|
allocates memory failed.
|
|
|
|
Upstream-Status: Submitted
|
|
http://www.mail-archive.com/openssl-dev@openssl.org/msg32859.html
|
|
|
|
Signed-off-by: Xufeng Zhang <xufeng.zhang@windriver.com>
|
|
---
|
|
--- a/crypto/dh/dh_ameth.c
|
|
+++ b/crypto/dh/dh_ameth.c
|
|
@@ -139,6 +139,12 @@
|
|
dh=pkey->pkey.dh;
|
|
|
|
str = ASN1_STRING_new();
|
|
+ if (!str)
|
|
+ {
|
|
+ DHerr(DH_F_DH_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
|
|
+ goto err;
|
|
+ }
|
|
+
|
|
str->length = i2d_DHparams(dh, &str->data);
|
|
if (str->length <= 0)
|
|
{
|
|
--- a/crypto/dsa/dsa_ameth.c
|
|
+++ b/crypto/dsa/dsa_ameth.c
|
|
@@ -148,6 +148,11 @@
|
|
{
|
|
ASN1_STRING *str;
|
|
str = ASN1_STRING_new();
|
|
+ if (!str)
|
|
+ {
|
|
+ DSAerr(DSA_F_DSA_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
|
|
+ goto err;
|
|
+ }
|
|
str->length = i2d_DSAparams(dsa, &str->data);
|
|
if (str->length <= 0)
|
|
{
|