Yekkirala, Venkatesh Sri
2017-Jun-19 16:16 UTC
OpenSSL 1.1.0 support and RSA_set0_key() double frees?
Hi Jakub,

The patch for this introduces an unconditional goto at line 3344:

http://pkgs.fedoraproject.org/cgit/rpms/openssh.git/tree/openssh-7.3p1-openssl-1.1.0.patch#n3344

as shown in the below snippet:

/* calculate p-1 and q-1 */
- if ((r = rsa_generate_additional_parameters(prv->rsa)) != 0)
+ if ((r = rsa_generate_additional_parameters(prv->rsa, iqmp)) != 0)
+ BN_free(iqmp);
goto out;

/* enable blinding */

FYI,

venkat
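
Review bot: the added `BN_free(iqmp);` line directly under the new `if` has no braces around it, so only the `BN_free` call is conditional and `goto out;` now runs on every pass, including when `rsa_generate_additional_parameters()` returns 0, which skips the code under the "enable blinding" comment. Wrap both statements in one block, `if ((r = ...) != 0) { BN_free(iqmp); goto out; }`. The visible lines do not show whether the `out:` path also frees `iqmp`; if it does, set `iqmp = NULL` after the free so the error path cannot free it twice.
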
On 06/19/2017 06:16 PM, Yekkirala, Venkatesh Sri wrote:
> Hi Jakub,
>
> The patch for this introduces an unconditional goto at line 3344:
>
> http://pkgs.fedoraproject.org/cgit/rpms/openssh.git/tree/openssh-7.3p1-openssl-1.1.0.patch#n3344
>
> as shown in the below snippet:
>
> /* calculate p-1 and q-1 */
> - if ((r = rsa_generate_additional_parameters(prv->rsa)) != 0)
> + if ((r = rsa_generate_additional_parameters(prv->rsa, iqmp)) != 0)
> + BN_free(iqmp);
> goto out;
>
> /* enable blinding */
>
> FYI,
>
> venkat
>

Thank you for a review. Should be fixed now.

Regards,
--
Jakub Jelen
Software Engineer
Security Technologies
Red Hat