diff options
author | Nicola Tuveri <nic.tuv@gmail.com> | 2018-09-05 11:58:55 +0300 |
---|---|---|
committer | Nicola Tuveri <nic.tuv@gmail.com> | 2018-09-05 15:26:40 +0300 |
commit | c28a2ffd01dc1da932aa55d518b57a933cdc51be (patch) | |
tree | d82e21f4f94927c8c0f5ad6384c68aa1e2956ddc /crypto | |
parent | 374804bd0973e8af05046caecc40e6b906d1a375 (diff) |
Fix segfault in RSA_free() (and DSA/DH/EC_KEY)
`RSA_free()` and friends are called in case of error from
`RSA_new_method(ENGINE *e)` (or the respective equivalent functions).
For the rest of the description I'll talk about `RSA_*`, but the same
applies for the equivalent `DSA_free()`, `DH_free()`, `EC_KEY_free()`.
If `RSA_new_method()` fails because the engine does not implement the
required method, when `RSA_free(RSA *r)` is called,
`r->meth == NULL` and a segfault happens while checking if
`r->meth->finish` is defined.
This commit fixes this issue by ensuring that `r->meth` is not NULL
before dereferencing it to check for `r->meth->finish`.
Fixes #7102 .
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7121)
Diffstat (limited to 'crypto')
-rw-r--r-- | crypto/dh/dh_lib.c | 2 | ||||
-rw-r--r-- | crypto/dsa/dsa_lib.c | 2 | ||||
-rw-r--r-- | crypto/ec/ec_key.c | 2 | ||||
-rw-r--r-- | crypto/rsa/rsa_lib.c | 2 |
4 files changed, 4 insertions, 4 deletions
diff --git a/crypto/dh/dh_lib.c b/crypto/dh/dh_lib.c index 716f4a4b0a..d277faa398 100644 --- a/crypto/dh/dh_lib.c +++ b/crypto/dh/dh_lib.c @@ -103,7 +103,7 @@ void DH_free(DH *r) return; REF_ASSERT_ISNT(i < 0); - if (r->meth->finish) + if (r->meth != NULL && r->meth->finish != NULL) r->meth->finish(r); #ifndef OPENSSL_NO_ENGINE ENGINE_finish(r->engine); diff --git a/crypto/dsa/dsa_lib.c b/crypto/dsa/dsa_lib.c index 9598846e3b..92758ca4c6 100644 --- a/crypto/dsa/dsa_lib.c +++ b/crypto/dsa/dsa_lib.c @@ -112,7 +112,7 @@ void DSA_free(DSA *r) return; REF_ASSERT_ISNT(i < 0); - if (r->meth->finish) + if (r->meth != NULL && r->meth->finish != NULL) r->meth->finish(r); #ifndef OPENSSL_NO_ENGINE ENGINE_finish(r->engine); diff --git a/crypto/ec/ec_key.c b/crypto/ec/ec_key.c index f1f0afb466..df35b64888 100644 --- a/crypto/ec/ec_key.c +++ b/crypto/ec/ec_key.c @@ -55,7 +55,7 @@ void EC_KEY_free(EC_KEY *r) return; REF_ASSERT_ISNT(i < 0); - if (r->meth->finish != NULL) + if (r->meth != NULL && r->meth->finish != NULL) r->meth->finish(r); #ifndef OPENSSL_NO_ENGINE diff --git a/crypto/rsa/rsa_lib.c b/crypto/rsa/rsa_lib.c index e1377a0690..97552fa335 100644 --- a/crypto/rsa/rsa_lib.c +++ b/crypto/rsa/rsa_lib.c @@ -112,7 +112,7 @@ void RSA_free(RSA *r) return; REF_ASSERT_ISNT(i < 0); - if (r->meth->finish) + if (r->meth != NULL && r->meth->finish != NULL) r->meth->finish(r); #ifndef OPENSSL_NO_ENGINE ENGINE_finish(r->engine); |