You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Description:
In function test_EVP_PKEY_ffc_priv_pub, params is freed via OSSL_PARAM_free() at line 577.
If the condition at line 581 is true, the execution will goto err, and params will be freed again at line 630.
The same problem also happens at line 593 and line 609, which causes two double free bugs.
Code Description:
static int test_EVP_PKEY_ffc_priv_pub(char *keytype)
{
....
577: OSSL_PARAM_free(params); // param is freed at the first time !
OSSL_PARAM_BLD_free(bld);
/* Test priv and !pub */
581: if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
|| !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
|| !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
|| !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
|| !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
priv)))
goto err;
....
593: OSSL_PARAM_free(params); // param is freed at the first time !
OSSL_PARAM_BLD_free(bld);
/* Test !priv and pub */
if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
|| !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
|| !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
|| !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
|| !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
pub)))
goto err;
609: OSSL_PARAM_free(params);// param is freed at the first time !
OSSL_PARAM_BLD_free(bld);
/* Test priv and pub */
if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
|| !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
|| !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
|| !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
|| !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
pub))
|| !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
priv)))
goto err;
err:
630: OSSL_PARAM_free(params);// param is freed at the second time !
...
return ret;
}
The text was updated successfully, but these errors were encountered:
File: test/evp_extra_test.c
Bug Function: test_EVP_PKEY_ffc_priv_pub
Version: Git-master (2021-4-18)
Description:
In function
test_EVP_PKEY_ffc_priv_pub
,params
is freed viaOSSL_PARAM_free()
at line 577.If the condition at line 581 is true, the execution will goto
err
, andparams
will be freed again at line 630.The same problem also happens at line 593 and line 609, which causes two double free bugs.
Code Description:
The text was updated successfully, but these errors were encountered: