diff options
| author | Nicola Tuveri <nic.tuv@gmail.com> | 2018-09-05 11:58:55 +0300 |
|---|---|---|
| committer | Nicola Tuveri <nic.tuv@gmail.com> | 2018-09-05 15:22:35 +0300 |
| commit | 0c5d725ebf31ce7b6db9d638aab508da3263444d (patch) | |
| tree | 0d353cc55f321e3063e102f81aa385d29cc11a51 /crypto/dh | |
| parent | 2167640b0bf76ec50a397dd90444b97c242e3f04 (diff) | |
| download | openssl-0c5d725ebf31ce7b6db9d638aab508da3263444d.zip openssl-0c5d725ebf31ce7b6db9d638aab508da3263444d.tar.gz openssl-0c5d725ebf31ce7b6db9d638aab508da3263444d.tar.bz2 | |
Fix segfault in RSA_free() (and DSA/DH/EC_KEY)
`RSA_free()` and friends are called in case of error from
`RSA_new_method(ENGINE *e)` (or the respective equivalent functions).
For the rest of the description I'll talk about `RSA_*`, but the same
applies for the equivalent `DSA_free()`, `DH_free()`, `EC_KEY_free()`.
If `RSA_new_method()` fails because the engine does not implement the
required method, when `RSA_free(RSA *r)` is called,
`r->meth == NULL` and a segfault happens while checking if
`r->meth->finish` is defined.
This commit fixes this issue by ensuring that `r->meth` is not NULL
before dereferencing it to check for `r->meth->finish`.
Fixes #7102 .
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7121)
Diffstat (limited to 'crypto/dh')
| -rw-r--r-- | crypto/dh/dh_lib.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/crypto/dh/dh_lib.c b/crypto/dh/dh_lib.c index e425225..2e0393e 100644 --- a/crypto/dh/dh_lib.c +++ b/crypto/dh/dh_lib.c @@ -104,7 +104,7 @@ void DH_free(DH *r) return; REF_ASSERT_ISNT(i < 0); - if (r->meth->finish) + if (r->meth != NULL && r->meth->finish != NULL) r->meth->finish(r); #ifndef OPENSSL_NO_ENGINE ENGINE_finish(r->engine); |