[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH] pki_crypto: Avoid segfault with OpenSSL 1.1.0
[Thread Prev] | [Thread Next]
- Subject: Re: [PATCH] pki_crypto: Avoid segfault with OpenSSL 1.1.0
- From: Jon Simons <jon@xxxxxxxxxxxxx>
- Reply-to: libssh@xxxxxxxxxx
- Date: Tue, 7 Nov 2017 11:53:58 -0500
- To: libssh@xxxxxxxxxx
On 11/7/17 4:11 AM, Jakub Jelen wrote:
Hello, this patch is an addition to the commit 954da14 which is trying to use non-deprecated functions in OpenSSL 1.1.0. But the newly function needs special allocation of the dsa structure before, which was missing. See the attached patch (or on github [1]). [1] https://github.com/Jakuje/libssh/commit/dcdba1a
I believe that if DSA_generate_parameters_ex fails, the key->dsa
needs to be DSA_free'd and then set to NULL in the error-out path
on line 469:
454 int pki_key_generate_dss(ssh_key key, int parameter){
455 int rc;
456 #if OPENSSL_VERSION_NUMBER > 0x10100000L
457 key->dsa = DSA_new();
458 if (!key->dsa) {
459 return SSH_ERROR;
460 }
461 rc = DSA_generate_parameters_ex(key->dsa,
462 parameter,
463 NULL, /* seed */
464 0, /* seed_len */
465 NULL, /* counter_ret */
466 NULL, /* h_ret */
467 NULL); /* cb */
468 if (rc != 1) {
469 return SSH_ERROR; /* XXX: DSA_free, set to NULL here. */
470 }
471 #else
472 key->dsa = DSA_generate_parameters(parameter, NULL, 0, NULL, NULL,
473 NULL, NULL);
474 if(key->dsa == NULL){
475 return SSH_ERROR;
476 }
477 #endif
478 rc = DSA_generate_key(key->dsa);
479 if (rc != 1){
480 DSA_free(key->dsa);
481 key->dsa=NULL;
482 return SSH_ERROR;
483 }
484 return SSH_OK;
485 }
-Jon
| Re: [PATCH] pki_crypto: Avoid segfault with OpenSSL 1.1.0 | Jakub Jelen <jjelen@xxxxxxxxxx> |
| [PATCH] pki_crypto: Avoid segfault with OpenSSL 1.1.0 | Jakub Jelen <jjelen@xxxxxxxxxx> |