authorJon Simons <jon@jonsimons.org>2017-07-19 17:53:14 -0400
committerAndreas Schneider <asn@cryptomilk.org>2017-07-20 17:02:44 +0200
commitc317d959112c3922056faf3a90fb4b1893e133f2 (patch)
tree457e2a25e7a928b6be2708569893c179847afbd1
parent380390c4b6dca9bda52707807b3ee577f758b107 (diff)
libcrypto: add NULL-check for EVP_CIPHER_CTX_cleanup
On OpenSSL versions prior to 1.1.0, `EVP_CIPHER_CTX_cleanup` will dereference its argument regardless of whether it is NULL. This is not a problem on OpenSSL at or beyond 1.1.0, where `EVP_CIPHER_CTX_cleanup` (macro to `EVP_CIPHER_CTX_reset`) returns early upon NULL input. Move the call to `EVP_CIPHER_CTX_cleanup` under the existing NULL check in `evp_cipher_cleanup` to avoid the problem. Introduced with this build-break fix: * e66f370682927ca8bd7ae0e7544754c6f4ac4969 Found in manual testing in an environment with an older OpenSSL. Signed-off-by: Jon Simons <jon@jonsimons.org> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
-rw-r--r--src/libcrypto.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/src/libcrypto.c b/src/libcrypto.c
index 6a29c6e7..59c99568 100644
--- a/src/libcrypto.c
+++ b/src/libcrypto.c
@@ -553,8 +553,8 @@ static void evp_cipher_decrypt(struct ssh_cipher_struct *cipher,
}
static void evp_cipher_cleanup(struct ssh_cipher_struct *cipher) {
- EVP_CIPHER_CTX_cleanup(cipher->ctx);
if (cipher->ctx != NULL) {
+ EVP_CIPHER_CTX_cleanup(cipher->ctx);
EVP_CIPHER_CTX_free(cipher->ctx);
}
}
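Review bot: `cipher->ctx` is left dangling after `EVP_CIPHER_CTX_free(cipher->ctx)` in evp_cipher_cleanup, so the `cipher->ctx != NULL` guard this change now relies on would not stop a second cleanup call from handing freed memory to `EVP_CIPHER_CTX_cleanup`. Adding `cipher->ctx = NULL;` directly after the free makes the function safe to call more than once. Whether any caller can actually reach cleanup twice on the same cipher is not visible from this hunk, so this is hardening rather than a confirmed double free. A one-line comment above the guarded call, for example `/* OpenSSL < 1.1.0 dereferences a NULL ctx here, keep inside the check */`, would also protect the ordering against a later refactor.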