New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix Segfault in EVP_PKEY_CTX_dup when the ctx has an undefined operation. #13505
Conversation
@levitte I am not sure if this is the correct way to dup the keymt pointer.. I have tried to do something similar to what other 'defined' operations do. |
} | ||
if (pctx->op.kex.exchprovctx != NULL) { | ||
if (!ossl_assert(pctx->op.kex.exchange != NULL)) | ||
return NULL; | ||
goto end; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This one and others were a potential memory leak..
…ion. Fixes openssl#12438 Note: This worked in 1.1.1 so just returning an error is not valid.
78289a5
to
62557ec
Compare
rebased |
ping |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm not fully up to speed with all of this stuff (e.g., evp_pkey_export_to_provider()) but the memory-leak fixes are right, and I convinced myself that it's not harmful and probably addresses the indicated issue. (Also, it does fix the test case it added.)
Approved, with nit fix to be made while merging.
Updated to address @kaduk comments. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Reconfirm +1 -- thanks for the fixups
24 hours has passed since 'approval: done' was set, but as this PR has been updated in that time the label 'approval: ready to merge' is not being automatically set. Please review the updates and set the label manually. |
Thanks. Merged to master. |
Fixes #12438
Note: This worked in 1.1.1 so just returning an error is not valid.
Checklist