SRP_create_verifier does not check for NULL before OPENSSL_cleanse
OPENSSL_cleanse() does not validate its input parameter for NULL so
SRP_create_verifier() should do so instead. Otherwise a segfault will
result.
Alternative solution to GitHub PR#1006
Reviewed-by: Rich Salz <rsalz@openssl.org>
Please register or sign in to comment