Use memset to clear SRP_CTX instead of NULL and zero assignments (135976b3) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

Commit 135976b3 authored May 16, 2017 by

Diego Santa Cruz Committed by Matt Caswell Jun 08, 2017

Use memset to clear SRP_CTX instead of NULL and zero assignments



This uses memset() to clear all of the SRP_CTX when free'ing or
initializing it as well as in error paths instead of having a series
of NULL and zero assignments as it is safer.

It also changes SSL_SRP_CTX_init() to reset all the SRP_CTX to zero
in case or error, previously it could retain pointers to freed
memory, potentially leading to a double free.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3467)

parent e655f549

Hide whitespace changes

Inline Side-by-side

Please register or to comment