giomba
/
opensc
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

OpenSSL 1.0.0-beta series crash when assembler implementations underflow with 0 byte length call to OPENSSL_cleanse() and overwrite memory. 

Avoid it by nut trying to eraze zero memory.


git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3925 c6295689-39f2-0310-b995-f0e70906c6a9
This commit is contained in:
martin 2010-01-23 06:28:35 +00:00
parent 561507769a
commit f48ec9528e
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/libopensc/sc.c
View File

@ -739,7 +739,9 @@ void *sc_mem_alloc_secure(size_t len)
void sc_mem_clear(void *ptr, size_t len)
{
#ifdef ENABLE_OPENSSL
OPENSSL_cleanse(ptr, len);
/* FIXME: Bug in 1.0.0-beta series crashes with 0 length */
if (len > 0)
OPENSSL_cleanse(ptr, len);
#else
memset(ptr, 0, len);
#endif