diff options
author | Darshan Sen <raisinten@gmail.com> | 2022-01-14 16:22:41 +0530 |
---|---|---|
committer | Tomas Mraz <tomas@openssl.org> | 2022-01-26 17:22:08 +0100 |
commit | 481709cd4d9ad5b77f1550fd23b169934ff8e2b6 (patch) | |
tree | ba79b3c23c0e06d4c718b19d49d618a8aa46cdc1 /crypto | |
parent | 27ee6e252d04b587e98228c81ecc3e62a34bae26 (diff) |
Fix invalid malloc failures in PEM_write_bio_PKCS8PrivateKey()
When `PEM_write_bio_PKCS8PrivateKey()` was passed an empty passphrase
string, `OPENSSL_memdup()` was incorrectly getting used for 0 bytes size
allocation, which resulted in malloc failures.
Fixes: https://github.com/openssl/openssl/issues/17506
Signed-off-by: Darshan Sen <raisinten@gmail.com>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17507)
(cherry picked from commit 59ccb72cd5cec3b4e312853621e12a68dacdbc7e)
Diffstat (limited to 'crypto')
-rw-r--r-- | crypto/passphrase.c | 3 | ||||
-rw-r--r-- | crypto/ui/ui_util.c | 2 |
2 files changed, 3 insertions, 2 deletions
diff --git a/crypto/passphrase.c b/crypto/passphrase.c index cb1bc66958..830872953a 100644 --- a/crypto/passphrase.c +++ b/crypto/passphrase.c @@ -41,7 +41,8 @@ int ossl_pw_set_passphrase(struct ossl_passphrase_data_st *data, ossl_pw_clear_passphrase_data(data); data->type = is_expl_passphrase; data->_.expl_passphrase.passphrase_copy = - OPENSSL_memdup(passphrase, passphrase_len); + passphrase_len != 0 ? OPENSSL_memdup(passphrase, passphrase_len) + : OPENSSL_malloc(1); if (data->_.expl_passphrase.passphrase_copy == NULL) { ERR_raise(ERR_LIB_CRYPTO, ERR_R_MALLOC_FAILURE); return 0; diff --git a/crypto/ui/ui_util.c b/crypto/ui/ui_util.c index 58769d68a3..871472cd32 100644 --- a/crypto/ui/ui_util.c +++ b/crypto/ui/ui_util.c @@ -114,7 +114,7 @@ static int ui_read(UI *ui, UI_STRING *uis) if (len >= 0) result[len] = '\0'; - if (len <= 0) + if (len < 0) return len; if (UI_set_result_ex(ui, uis, result, len) >= 0) return 1; |