Remove an NULL ptr deref in an error path

The |passwd| variable in the code can be NULL if it goes to the err label. Therefore we cannot call strlen on it without first checking that it is non NULL. Reviewed-by: Kurt Roeckx <kurt@openssl.org>
author: Matt Caswell <matt@openssl.org> 2015-11-11 00:12:36 +0100
committer: Matt Caswell <matt@openssl.org> 2015-11-17 12:17:37 +0100
commit: d73ca3efa74bbb620a1e74deb5eec6f3d10203d5 (patch)
tree: 7a102c1f0b8feb798077ba2c237ed355cd9b2123 /ssl/tls_srp.c
parent: bn/asm/ppc64-mont.pl: adapt for little-endian. (diff)
download: openssl-d73ca3efa74bbb620a1e74deb5eec6f3d10203d5.tar.xz
openssl-d73ca3efa74bbb620a1e74deb5eec6f3d10203d5.zip
1 files changed, 2 insertions, 1 deletions
diff --git a/ssl/tls_srp.c b/ssl/tls_srp.c
index 91b88cd11f..64a3f23df7 100644
--- a/ssl/tls_srp.c
+++ b/ssl/tls_srp.c
@@ -393,7 +393,8 @@ int srp_generate_client_master_secret(SSL *s)
  err:
     BN_clear_free(K);
     BN_clear_free(x);
-    OPENSSL_clear_free(passwd, strlen(passwd));
+    if (passwd != NULL)
+        OPENSSL_clear_free(passwd, strlen(passwd));
     BN_clear_free(u);
     return ret;
 }
author	Matt Caswell <matt@openssl.org>	2015-11-11 00:12:36 +0100
committer	Matt Caswell <matt@openssl.org>	2015-11-17 12:17:37 +0100
commit	d73ca3efa74bbb620a1e74deb5eec6f3d10203d5 (patch)
tree	7a102c1f0b8feb798077ba2c237ed355cd9b2123 /ssl/tls_srp.c
parent	bn/asm/ppc64-mont.pl: adapt for little-endian. (diff)
download	openssl-d73ca3efa74bbb620a1e74deb5eec6f3d10203d5.tar.xz openssl-d73ca3efa74bbb620a1e74deb5eec6f3d10203d5.zip