Openssl: NULL deref in dgst_main on alloc failure

Created on 27 Jun 2020 · 1Comment · Source: openssl/openssl

When the allocation in https://github.com/openssl/openssl/blob/270540fd5413b00a746a581e8939c30862c689b1/apps/dgst.c#L115 fails, there is a NULL deref in both https://github.com/openssl/openssl/blob/270540fd5413b00a746a581e8939c30862c689b1/apps/dgst.c#L405 and https://github.com/openssl/openssl/blob/270540fd5413b00a746a581e8939c30862c689b1/apps/dgst.c#L426 depending on number of command line arguments.

The source is both missing a NULL check here, but also could be improved by doing this allocation much closer to where it actually is used (only those two places near the end).

bug report

Source

BenBE

Most helpful comment

app_malloc is a wrapper around malloc that exits on failure.

richsalz on 27 Jun 2020

👍2

>All comments

app_malloc is a wrapper around malloc that exits on failure.

richsalz on 27 Jun 2020

👍2

Was this page helpful?

0 / 5 - 0 ratings

Related issues

OpenSSL 1.1.0 X25519 implementation

enriquejcobo · 3Comments

Can you explain the differences ?

Legends · 3Comments

Truncated transfers with OpenSSL 1.1.1

alexh-sauce · 3Comments

Bugs in compiling OpenSSL 3.0 Alpha1 within nginx

kirin10000 · 3Comments

PHP compile fail during openssl.c

shrimpwagon · 3Comments