Fix the allocation size in EVP_OpenInit and PEM_SignFinal
authorBernd Edlinger <bernd.edlinger@hotmail.de>
Sun, 31 Mar 2019 10:00:16 +0000 (12:00 +0200)
committerBernd Edlinger <bernd.edlinger@hotmail.de>
Sat, 6 Apr 2019 08:17:19 +0000 (10:17 +0200)
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8620)

crypto/evp/p_open.c
crypto/pem/pem_sign.c

index c9cd9b1..a141eb4 100644 (file)
@@ -40,7 +40,7 @@ int EVP_OpenInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
     }
 
     size = EVP_PKEY_size(priv);
-    key = OPENSSL_malloc(size + 2);
+    key = OPENSSL_malloc(size);
     if (key == NULL) {
         /* ERROR */
         EVPerr(EVP_F_EVP_OPENINIT, ERR_R_MALLOC_FAILURE);
index d8f6d07..4be03a4 100644 (file)
@@ -31,7 +31,7 @@ int PEM_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
     int i, ret = 0;
     unsigned int m_len;
 
-    m = OPENSSL_malloc(EVP_PKEY_size(pkey) + 2);
+    m = OPENSSL_malloc(EVP_PKEY_size(pkey));
     if (m == NULL) {
         PEMerr(PEM_F_PEM_SIGNFINAL, ERR_R_MALLOC_FAILURE);
         goto err;