SRP_create_verifier does not check for NULL before OPENSSL_cleanse

OPENSSL_cleanse() does not validate its input parameter for NULL so SRP_create_verifier() should do so instead. Otherwise a segfault will result. Alternative solution to GitHub PR#1006 Reviewed-by: Rich Salz <rsalz@openssl.org>
author: Matt Caswell <matt@openssl.org> 2016-08-26 15:14:24 +0100
committer: Matt Caswell <matt@openssl.org> 2016-08-26 20:40:37 +0100
commit: 7fb82d06746f7503323a7846448e095bf8f5ef9e (patch)
tree: 7503c144770f0cfbc2f4cdcb9af6ec2f55e59f66 /crypto
parent: 06a549c435d6095b33d78f136904c5fc2f7bcf24 (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/crypto/srp/srp_vfy.c b/crypto/srp/srp_vfy.c
index 986babfd49..af557a1ac3 100644
--- a/crypto/srp/srp_vfy.c
+++ b/crypto/srp/srp_vfy.c
@@ -635,7 +635,8 @@ char *SRP_create_verifier(const char *user, const char *pass, char **salt,
         BN_free(N_bn);
         BN_free(g_bn);
     }
-    OPENSSL_cleanse(vf, vfsize);
+    if (vf != NULL)
+        OPENSSL_cleanse(vf, vfsize);
     OPENSSL_free(vf);
     BN_clear_free(s);
     BN_clear_free(v);
author	Matt Caswell <matt@openssl.org>	2016-08-26 15:14:24 +0100
committer	Matt Caswell <matt@openssl.org>	2016-08-26 20:40:37 +0100
commit	7fb82d06746f7503323a7846448e095bf8f5ef9e (patch)
tree	7503c144770f0cfbc2f4cdcb9af6ec2f55e59f66 /crypto
parent	06a549c435d6095b33d78f136904c5fc2f7bcf24 (diff)