OpenSSL 1.0.0-beta series crash when assembler implementations underflow with 0 byte length call to OPENSSL_cleanse() and overwrite memory.
Avoid it by nut trying to eraze zero memory. git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3925 c6295689-39f2-0310-b995-f0e70906c6a9
This commit is contained in:
parent
561507769a
commit
f48ec9528e
|
@ -739,7 +739,9 @@ void *sc_mem_alloc_secure(size_t len)
|
|||
void sc_mem_clear(void *ptr, size_t len)
|
||||
{
|
||||
#ifdef ENABLE_OPENSSL
|
||||
OPENSSL_cleanse(ptr, len);
|
||||
/* FIXME: Bug in 1.0.0-beta series crashes with 0 length */
|
||||
if (len > 0)
|
||||
OPENSSL_cleanse(ptr, len);
|
||||
#else
|
||||
memset(ptr, 0, len);
|
||||
#endif
|
||||
|
|
Loading…
Reference in New Issue