Fix use-after-free (54e5ba05) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

apps/app_rand.c

+6 −3

Original line number	Original line	Diff line number	Diff line
	@@ -13,7 +13,7 @@
	#include <openssl/rand.h>		#include <openssl/rand.h>
	#include <openssl/conf.h>		#include <openssl/conf.h>

	static const char *save_rand_file;		static char *save_rand_file;

	void app_RAND_load_conf(CONF c, const char section)		void app_RAND_load_conf(CONF c, const char section)
	{		{
	@@ -29,7 +29,7 @@ void app_RAND_load_conf(CONF c, const char section)
	return;		return;
	}		}
	if (save_rand_file == NULL)		if (save_rand_file == NULL)
	save_rand_file = randfile;		save_rand_file = OPENSSL_strdup(randfile);
	}		}

	static int loadfiles(char *name)		static int loadfiles(char *name)
	@@ -66,6 +66,8 @@ void app_RAND_write(void)
	BIO_printf(bio_err, "Cannot write random bytes:\n");		BIO_printf(bio_err, "Cannot write random bytes:\n");
	ERR_print_errors(bio_err);		ERR_print_errors(bio_err);
	}		}
			OPENSSL_free(save_rand_file);
			save_rand_file = NULL;
	}		}


	@@ -84,7 +86,8 @@ int opt_rand(int opt)
	return loadfiles(opt_arg());		return loadfiles(opt_arg());
	break;		break;
	case OPT_R_WRITERAND:		case OPT_R_WRITERAND:
	save_rand_file = opt_arg();		OPENSSL_free(save_rand_file);
			save_rand_file = OPENSSL_strdup(opt_arg());
	break;		break;
	}		}
	return 1;		return 1;

+1 −1

Original line number	Original line	Diff line number	Diff line
	@@ -176,7 +176,7 @@ int RAND_write_file(const char *file)
	if (out == NULL)		if (out == NULL)
	out = openssl_fopen(file, "wb");		out = openssl_fopen(file, "wb");
	if (out == NULL) {		if (out == NULL) {
	RANDerr(RAND_F_RAND_LOAD_FILE, RAND_R_CANNOT_OPEN_FILE);		RANDerr(RAND_F_RAND_WRITE_FILE, RAND_R_CANNOT_OPEN_FILE);
	ERR_add_error_data(2, "Filename=", file);		ERR_add_error_data(2, "Filename=", file);
	return -1;		return -1;
	}		}