Revision eba8bf485a81541ad25a685f13f00a862cc371a8 authored by Hanno Böck on 11 May 2015, 10:33:37 UTC, committed by Matt Caswell on 13 May 2015, 14:28:48 UTC
The function obj_cmp() (file crypto/objects/obj_dat.c) can in some situations call memcmp() with a null pointer and a zero length. This is invalid behaviour. When compiling openssl with undefined behaviour sanitizer (add -fsanitize=undefined to compile flags) this can be seen. One example that triggers this behaviour is the pkcs7 command (but there are others, e.g. I've seen it with the timestamp function): apps/openssl pkcs7 -in test/testp7.pem What happens is that obj_cmp takes objects of the type ASN1_OBJECT and passes their ->data pointer to memcmp. Zero-sized ASN1_OBJECT structures can have a null pointer as data. RT#3816 Signed-off-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit 2b8dc08b74fc3c6d4c2fc855cc23bac691d985be)
1 parent 464774d
| File | Mode | Size |
|---|---|---|
| build.bat | -rw-r--r-- | 6.5 KB |
| cpy_tests.bat | -rw-r--r-- | 3.2 KB |
| do_tests.pl | -rw-r--r-- | 19.2 KB |
| globals.txt | -rw-r--r-- | 7.4 KB |
| readme.txt | -rw-r--r-- | 668 bytes |
| set_env.bat | -rw-r--r-- | 3.5 KB |
Computing file changes ...
