apps/speed.c: Fix crash when config loading fails (be3a7dde) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

Move rsa_key initialization in front of load_config(). If loading the config fails, rsa_key isn't initialized and may cause invalid free() in the end: cleanup. Remove superfluous memset. Reviewed-by:

Andy Polyakov <appro@openssl.org> Reviewed-by:

Rich Salz <rsalz@openssl.org>

apps/speed.c

+4 −6

Original line number	Diff line number	Diff line
		@@ -670,6 +670,10 @@ int MAIN(int argc, char **argv)
		ecdh_b[i] = NULL;
		}
		# endif
		# ifndef OPENSSL_NO_RSA
		for (i = 0; i < RSA_NUM; i++)
		rsa_key[i] = NULL;
		# endif

		if (bio_err == NULL)
		if ((bio_err = BIO_new(BIO_s_file())) != NULL)
		@@ -678,12 +682,6 @@ int MAIN(int argc, char **argv)
		if (!load_config(bio_err, NULL))
		goto end;

		# ifndef OPENSSL_NO_RSA
		memset(rsa_key, 0, sizeof(rsa_key));
		for (i = 0; i < RSA_NUM; i++)
		rsa_key[i] = NULL;
		# endif

		if ((buf = (unsigned char *)OPENSSL_malloc((int)BUFSIZE)) == NULL) {
		BIO_printf(bio_err, "out of memory\n");
		goto end;

Admin message