code.ossystems Code Review - openembedded-core.git/blob

   1 openssl: avoid NULL pointer dereference in EVP_DigestInit_ex()
   2
   3 We should avoid accessing the type pointer if it's NULL,
   4 this could happen if ctx->digest is not NULL.
   5
   6 Upstream-Status: Submitted
   7 http://www.mail-archive.com/openssl-dev@openssl.org/msg32860.html
   8
   9 Signed-off-by: Xufeng Zhang <xufeng.zhang@windriver.com>
  10 ---
  11 Index: openssl-1.0.2/crypto/evp/digest.c
  12 ===================================================================
  13 --- openssl-1.0.2.orig/crypto/evp/digest.c
  14 +++ openssl-1.0.2/crypto/evp/digest.c
  15 @@ -208,7 +208,7 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, c
  16          return 0;
  17      }
  18  #endif
  19 -    if (ctx->digest != type) {
  20 +    if (type && (ctx->digest != type)) {
  21          if (ctx->digest && ctx->digest->ctx_size)
  22              OPENSSL_free(ctx->md_data);
  23          ctx->digest = type;