
[PATCH] libcrypto: add NULL-check for EVP_CIPHER_CTX_cleanup


Hi,

My recent patch to fix the gcrypt build ended up introducing
a bug that is only observed with older OpenSSL versions.
Attached here is a patch to fix that bug (a potential NULL
dereference).


-Jon
From dc8e01194c5ec906c5faf174d2c8a62494986133 Mon Sep 17 00:00:00 2001
From: Jon Simons <jon@xxxxxxxxxxxxx>
Date: Wed, 19 Jul 2017 17:53:14 -0400
Subject: [PATCH] libcrypto: add NULL-check for EVP_CIPHER_CTX_cleanup

On OpenSSL versions prior to 1.1.0, `EVP_CIPHER_CTX_cleanup` will
dereference its argument regardless of whether it is NULL.  This
is not a problem on OpenSSL at or beyond 1.1.0, where
`EVP_CIPHER_CTX_cleanup` (macro to `EVP_CIPHER_CTX_reset`) returns
early upon NULL input.

Move the call to `EVP_CIPHER_CTX_cleanup` under the existing NULL
check in `evp_cipher_cleanup` to avoid the problem.

Introduced with this build-break fix:
 * e66f370682927ca8bd7ae0e7544754c6f4ac4969

Found in manual testing in an environment with an older OpenSSL.

Signed-off-by: Jon Simons <jon@xxxxxxxxxxxxx>
---
 src/libcrypto.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/libcrypto.c b/src/libcrypto.c
index 6a29c6e7..59c99568 100644
--- a/src/libcrypto.c
+++ b/src/libcrypto.c
@@ -553,8 +553,8 @@ static void evp_cipher_decrypt(struct ssh_cipher_struct *cipher,
 }
 
 static void evp_cipher_cleanup(struct ssh_cipher_struct *cipher) {
-    EVP_CIPHER_CTX_cleanup(cipher->ctx);
     if (cipher->ctx != NULL) {
+        EVP_CIPHER_CTX_cleanup(cipher->ctx);
         EVP_CIPHER_CTX_free(cipher->ctx);
     }
 }
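Review bot: in evp_cipher_cleanup, cipher->ctx still points at freed memory once EVP_CIPHER_CTX_free(cipher->ctx) has run inside the if block. If the function is called a second time on the same cipher, the NULL check passes and both EVP_CIPHER_CTX_cleanup and EVP_CIPHER_CTX_free run on the already freed context. Consider adding cipher->ctx = NULL; after the free, so the guard this change relies on also covers repeated cleanup.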
-- 
2.13.2


Follow-Ups:
Re: [PATCH] libcrypto: add NULL-check for EVP_CIPHER_CTX_cleanup (Andreas Schneider <asn@xxxxxxxxxxxxxx>)