git.openssl.org Git - openssl.git/commit

author	Nicola Tuveri <nic.tuv@gmail.com>
	Wed, 5 Sep 2018 08:58:55 +0000 (11:58 +0300)
committer	Nicola Tuveri <nic.tuv@gmail.com>
	Wed, 5 Sep 2018 12:22:35 +0000 (15:22 +0300)
commit	0c5d725ebf31ce7b6db9d638aab508da3263444d
tree	0d353cc55f321e3063e102f81aa385d29cc11a51	tree \| snapshot
parent	2167640b0bf76ec50a397dd90444b97c242e3f04	commit \| diff

Fix segfault in RSA_free() (and DSA/DH/EC_KEY)

`RSA_free()` and friends are called in case of error from
`RSA_new_method(ENGINE *e)` (or the respective equivalent functions).

For the rest of the description I'll talk about `RSA_*`, but the same
applies for the equivalent `DSA_free()`, `DH_free()`, `EC_KEY_free()`.

If `RSA_new_method()` fails because the engine does not implement the
required method, when `RSA_free(RSA *r)` is called,
`r->meth == NULL` and a segfault happens while checking if
`r->meth->finish` is defined.

This commit fixes this issue by ensuring that `r->meth` is not NULL
before dereferencing it to check for `r->meth->finish`.

Fixes #7102 .

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7121)

crypto/dh/dh_lib.c		diff \| blob \| history
crypto/dsa/dsa_lib.c		diff \| blob \| history
crypto/ec/ec_key.c		diff \| blob \| history
crypto/rsa/rsa_lib.c		diff \| blob \| history