Fix use-after-free
authorRich Salz <rsalz@openssl.org>
Mon, 17 Jul 2017 06:52:26 +0000 (02:52 -0400)
committerRich Salz <rsalz@openssl.org>
Mon, 17 Jul 2017 11:46:49 +0000 (07:46 -0400)
Also fix a RANDerr call.

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3947)

apps/app_rand.c
crypto/rand/randfile.c

index 3a05352..28caad4 100644 (file)
@@ -13,7 +13,7 @@
 #include <openssl/rand.h>
 #include <openssl/conf.h>
 
-static const char *save_rand_file;
+static char *save_rand_file;
 
 void app_RAND_load_conf(CONF *c, const char *section)
 {
@@ -29,7 +29,7 @@ void app_RAND_load_conf(CONF *c, const char *section)
         return;
     }
     if (save_rand_file == NULL)
-        save_rand_file = randfile;
+        save_rand_file = OPENSSL_strdup(randfile);
 }
 
 static int loadfiles(char *name)
@@ -66,6 +66,8 @@ void app_RAND_write(void)
         BIO_printf(bio_err, "Cannot write random bytes:\n");
         ERR_print_errors(bio_err);
     }
+    OPENSSL_free(save_rand_file);
+    save_rand_file =  NULL;
 }
 
 
@@ -84,7 +86,8 @@ int opt_rand(int opt)
         return loadfiles(opt_arg());
         break;
     case OPT_R_WRITERAND:
-        save_rand_file = opt_arg();
+        OPENSSL_free(save_rand_file);
+        save_rand_file = OPENSSL_strdup(opt_arg());
         break;
     }
     return 1;
index 904653f..f502642 100644 (file)
@@ -176,7 +176,7 @@ int RAND_write_file(const char *file)
     if (out == NULL)
         out = openssl_fopen(file, "wb");
     if (out == NULL) {
-        RANDerr(RAND_F_RAND_LOAD_FILE, RAND_R_CANNOT_OPEN_FILE);
+        RANDerr(RAND_F_RAND_WRITE_FILE, RAND_R_CANNOT_OPEN_FILE);
         ERR_add_error_data(2, "Filename=", file);
         return -1;
     }