diff options
| author | Nicola Tuveri <nic.tuv@gmail.com> | 2018-09-05 10:58:55 +0200 |
|---|---|---|
| committer | Nicola Tuveri <nic.tuv@gmail.com> | 2018-09-05 14:22:35 +0200 |
| commit | 0c5d725ebf31ce7b6db9d638aab508da3263444d (patch) | |
| tree | 0d353cc55f321e3063e102f81aa385d29cc11a51 /crypto/dsa/dsa_lib.c | |
| parent | New openssl subject parser hard to debug (diff) | |
| download | openssl-0c5d725ebf31ce7b6db9d638aab508da3263444d.tar.xz openssl-0c5d725ebf31ce7b6db9d638aab508da3263444d.zip | |
Fix segfault in RSA_free() (and DSA/DH/EC_KEY)
`RSA_free()` and friends are called in case of error from
`RSA_new_method(ENGINE *e)` (or the respective equivalent functions).
For the rest of the description I'll talk about `RSA_*`, but the same
applies for the equivalent `DSA_free()`, `DH_free()`, `EC_KEY_free()`.
If `RSA_new_method()` fails because the engine does not implement the
required method, when `RSA_free(RSA *r)` is called,
`r->meth == NULL` and a segfault happens while checking if
`r->meth->finish` is defined.
This commit fixes this issue by ensuring that `r->meth` is not NULL
before dereferencing it to check for `r->meth->finish`.
Fixes #7102 .
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7121)
Diffstat (limited to 'crypto/dsa/dsa_lib.c')
| -rw-r--r-- | crypto/dsa/dsa_lib.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/crypto/dsa/dsa_lib.c b/crypto/dsa/dsa_lib.c index 739fde65c4..2eb8ee7ad5 100644 --- a/crypto/dsa/dsa_lib.c +++ b/crypto/dsa/dsa_lib.c @@ -111,7 +111,7 @@ void DSA_free(DSA *r) return; REF_ASSERT_ISNT(i < 0); - if (r->meth->finish) + if (r->meth != NULL && r->meth->finish != NULL) r->meth->finish(r); #ifndef OPENSSL_NO_ENGINE ENGINE_finish(r->engine); |