From 59ccb72cd5cec3b4e312853621e12a68dacdbc7e Mon Sep 17 00:00:00 2001
From: Darshan Sen
Date: Fri, 14 Jan 2022 16:22:41 +0530
Subject: Fix invalid malloc failures in PEM_write_bio_PKCS8PrivateKey()
When `PEM_write_bio_PKCS8PrivateKey()` was passed an empty passphrase string, `OPENSSL_memdup()` was incorrectly getting used for 0 bytes size allocation, which resulted in malloc failures.
Fixes: https://github.com/openssl/openssl/issues/17506
Signed-off-by: Darshan Sen
Reviewed-by: Bernd Edlinger
Reviewed-by: Paul Dale
Reviewed-by: Tomas Mraz
(Merged from https://github.com/openssl/openssl/pull/17507)
---
 crypto/passphrase.c | 3 ++-
 crypto/ui/ui_util.c | 2 +-
 2 files changed, 3 insertions(+), 2 deletions(-)
(limited to 'crypto')
diff --git a/crypto/passphrase.c b/crypto/passphrase.c
index cb1bc66958..830872953a 100644
--- a/crypto/passphrase.c
+++ b/crypto/passphrase.c
@@ -41,7 +41,8 @@ int ossl_pw_set_passphrase(struct ossl_passphrase_data_st *data,
 ossl_pw_clear_passphrase_data(data);
 data->type = is_expl_passphrase;
 data->_.expl_passphrase.passphrase_copy =
- OPENSSL_memdup(passphrase, passphrase_len);
+ passphrase_len != 0 ? OPENSSL_memdup(passphrase, passphrase_len)
+ : OPENSSL_malloc(1);
 if (data->_.expl_passphrase.passphrase_copy == NULL) {
 ERR_raise(ERR_LIB_CRYPTO, ERR_R_MALLOC_FAILURE);
 return 0;
diff --git a/crypto/ui/ui_util.c b/crypto/ui/ui_util.c
index 58769d68a3..871472cd32 100644
--- a/crypto/ui/ui_util.c
+++ b/crypto/ui/ui_util.c
@@ -114,7 +114,7 @@ static int ui_read(UI *ui, UI_STRING *uis)
 if (len >= 0)
 result[len] = '\0';
- if (len <= 0)
+ if (len < 0)
 return len;
 if (UI_set_result_ex(ui, uis, result, len) >= 0)
 return 1;
-- 
cgit v1.2.3
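Review bot: In crypto/passphrase.c, the `OPENSSL_malloc(1)` arm of the new ternary returns one uninitialized byte and has no comment explaining why an empty passphrase needs an allocation at all. The reason appears to be that the check right after it treats a NULL `passphrase_copy` as allocation failure, which deserves a line such as `/* NULL signals malloc failure below, so an empty passphrase still gets a non-NULL 1-byte copy */`. Writing the arm as `: OPENSSL_zalloc(1);` would also keep the placeholder byte defined in case any later reader treats the copy as a string. Whether the stored length is set to 0 cannot be seen here, because ossl_pw_set_passphrase continues outside the hunk.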
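Review bot: In crypto/ui/ui_util.c, changing the guard to `if (len < 0)` lets a zero-length callback result flow into `UI_set_result_ex()` as a valid empty passphrase, and nothing in ui_read records that this is intended. An empty entry used to make ui_read return 0 and now returns 1 when the result is stored, so a key can end up protected by an empty passphrase without any explicit signal to the caller. A comment above the check, such as `/* len == 0 is a valid empty passphrase; only negative values are callback errors */`, would document that contract. The context line `result[len] = '\0';` also relies on the callback never returning more than the buffer holds, which cannot be confirmed because the buffer declaration and the rest of ui_read lie outside the hunk.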