crash in md_rand.c when MD_Init fails #2087
Comments
Hrmm.. attached a readable patch file (hopefully)
@bernd-edlinger, is this a trivial change? If not, we'll need a CLA from you.
It is probably trivial, only checking return codes.
FYI, we are not the FSF.
OK understood.
Certainly! Please go here: https://www.openssl.org/policies/cla.html
OK, this will take a while, because it needs to be signed by my company. In the meantime, here is a somewhat better patch:
Note I see more places where EVP_DigestInit_ex is used without error checking, for instance crypto/srp/srp_lib.c and ./crypto/srp/srp_vfy.c. And also here: void PEM_SignInit(EVP_MD_CTX *ctx, EVP_MD *type). How is that supposed to work?
It's a bug and we're stuck with it. In some places errors just cannot be returned because they are "swallowed" by the existing functions :( We could add a new function if needed.
No, fortunately I don't need it.
Fixed a memory leak in ASN1_digest and ASN1_item_digest.
asn1_template_noexp_d2i call ASN1_item_ex_free(&skfield,...) on error.
Reworked error handling in asn1_item_ex_combine_new:
- call ASN1_item_ex_free and return the correct error code if ASN1_template_new failed.
- don't call ASN1_item_ex_free if ASN1_OP_NEW_PRE failed.
Reworked error handling in x509_name_ex_d2i and x509_name_encode.
Fixed error handling in int_ctx_new and EVP_PKEY_CTX_dup.
Fixed a memory leak in def_get_class if lh_EX_CLASS_ITEM_insert fails due to OOM:
- to figure out if the insertion succeeded, use lh_EX_CLASS_ITEM_retrieve again.
- on error, p will be NULL, and gen needs to be cleaned up again.
int_free_ex_data needs to have a fallback solution if unable to allocate "storage":
- if free_func is non-zero this must be called to clean up all memory.
Fixed error handling in pkey_hmac_copy.
Fixed error handling in ssleay_rand_add and ssleay_rand_bytes.
Fixed error handling in X509_STORE_new.
Fixed a memory leak in ssl3_get_key_exchange.
Check for null pointer in ssl3_write_bytes.
Check for null pointer in ssl3_get_cert_verify.
Fixed a memory leak in ssl_cert_dup.
Fixes #2087 #2094 #2103 #2104 #2105 #2106 #2107 #2108 #2110 #2111 #2112 #2115
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from #2127)
Which file defines the functions MD_Init and MD_Update?
Hi,
I tried to test out of memory handling with openssl_1.0.2j.
There is a crash in RAND_bytes, when MD_Init fails,
a later MD_Update crashes with null pointer.
Not sure if return code of MD_Update and MD_Final need to be
handled as well, at least with SHA1 there is no crash if
that is ignored.
possible, but probably incomplete fix follows.
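The kind of out-of-memory test described in the report, paired with a caller that checks every return code, as an added example that is not OpenSSL's code or the patch from this issue. `fi_malloc`, `toy_md_init`, `toy_md_update`, `rand_bytes_checked` and `sweep_oom` are hypothetical names, and the toy digest only models an init step whose allocation can fail.

```c
#include <stdlib.h>
#include <string.h>
/* Fault-injecting allocator (constructed for this example): call number fail_at returns NULL. */
static int alloc_calls, fail_at, live_blocks;
static void *fi_malloc(size_t n) {
    void *p = (++alloc_calls == fail_at) ? NULL : malloc(n);
    if (p) live_blocks++;
    return p;
}
static void fi_free(void *p) { if (p) { live_blocks--; free(p); } }

/* Toy digest context, a hypothetical stand-in for MD_Init/MD_Update: init allocates state. */
typedef struct { unsigned char *state; } toy_md_ctx;
static int toy_md_init(toy_md_ctx *c) {
    c->state = fi_malloc(20);
    if (c->state) memset(c->state, 0, 20);
    return c->state != NULL;
}
static int toy_md_update(toy_md_ctx *c, const unsigned char *d, size_t n) {
    if (c->state == NULL) return 0;  /* a caller that ignored init's result lands here */
    for (size_t i = 0; i < n; i++) c->state[i % 20] ^= d[i];
    return 1;
}

/* Caller that checks every return code and frees on every path; 1 = success, 0 = failure. */
static int rand_bytes_checked(unsigned char out[20]) {
    toy_md_ctx m = { NULL };
    int ok = 0;
    unsigned char *pool = fi_malloc(32);
    if (pool == NULL) goto err;
    memset(pool, 0xA5, 32);
    if (!toy_md_init(&m) || !toy_md_update(&m, pool, 32)) goto err;
    memcpy(out, m.state, 20);
    ok = 1;
err:
    fi_free(m.state);
    fi_free(pool);
    return ok;
}

/* Fail allocation 1, 2, 3, ... in turn; returns the count reported cleanly, -1 on a miss or leak. */
static int sweep_oom(void) {
    unsigned char out[20];
    for (int k = 1; ; k++) {
        alloc_calls = 0; fail_at = k; live_blocks = 0;
        int ok = rand_bytes_checked(out);
        if (live_blocks != 0) return -1;
        if (alloc_calls < k) return ok ? k - 1 : -1;  /* no fault fired: sweep complete */
        if (ok) return -1;
    }
}
```

The sweep ends at the first run in which no allocation was failed, so it covers every allocation point on the success path without the test needing to know how many there are.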