Commit 7fb82d06 authored by Matt Caswell's avatar Matt Caswell
Browse files

SRP_create_verifier does not check for NULL before OPENSSL_cleanse 



OPENSSL_cleanse() does not validate its input parameter for NULL so
SRP_create_verifier() should do so instead. Otherwise a segfault will
result.

Alternative solution to GitHub PR#1006

Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
parent 06a549c4

crypto/srp/srp_vfy.c

+2 −1
Original line number Diff line number Diff line
@@ -635,6 +635,7 @@ char *SRP_create_verifier(const char *user, const char *pass, char **salt, 
        BN_free(N_bn);

        BN_free(g_bn);

    }

    if (vf != NULL)

        OPENSSL_cleanse(vf, vfsize);

    OPENSSL_free(vf);

    BN_clear_free(s);