moparisthebest
/
curl
mirror of https://github.com/moparisthebest/curl
1
0
Fork 0
Code Issues Releases Wiki Activity

openssl: guard against OOM on context creation 

EVP_MD_CTX_create will allocate memory for the context and returns
NULL in case the allocation fails. Make sure to catch any allocation
failures and exit early if so.

In passing, also move to EVP_DigestInit rather than EVP_DigestInit_ex
as the latter is intended for ENGINE selection which we don't do.

Closes #6224
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
Reviewed-by: Emil Engler <me@emilengler.com>
This commit is contained in:
Daniel Gustafsson 2020-11-19 01:40:24 +01:00
parent ee38a725b9
commit 3a8cdc82dc
1 changed files with 6 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
lib/vtls/openssl.c
View File

@ -4364,7 +4364,9 @@ static CURLcode Curl_ossl_md5sum(unsigned char *tmp, /* input */
(void) unused;
mdctx = EVP_MD_CTX_create();
EVP_DigestInit_ex(mdctx, EVP_md5(), NULL);
if(!mdctx)
return CURLE_OUT_OF_MEMORY;
EVP_DigestInit(mdctx, EVP_md5());
EVP_DigestUpdate(mdctx, tmp, tmplen);
EVP_DigestFinal_ex(mdctx, md5sum, &len);
EVP_MD_CTX_destroy(mdctx);
@ -4382,7 +4384,9 @@ static CURLcode Curl_ossl_sha256sum(const unsigned char *tmp, /* input */
(void) unused;
mdctx = EVP_MD_CTX_create();
EVP_DigestInit_ex(mdctx, EVP_sha256(), NULL);
if(!mdctx)
return CURLE_OUT_OF_MEMORY;
EVP_DigestInit(mdctx, EVP_sha256());
EVP_DigestUpdate(mdctx, tmp, tmplen);
EVP_DigestFinal_ex(mdctx, sha256sum, &len);
EVP_MD_CTX_destroy(mdctx);