From 582280954faa47491ab6451ce00f44a98734d8c0 Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Wed, 16 Sep 2015 10:47:15 +0100 Subject: Make sure OPENSSL_cleanse checks for NULL In master we have the function OPENSSL_clear_free(x,y), which immediately returns if x == NULL. In <=1.0.2 this function does not exist so we have to do: OPENSSL_cleanse(x, y); OPENSSL_free(x); However, previously, OPENSSL_cleanse did not check that if x == NULL, so the real equivalent check would have to be: if (x != NULL) OPENSSL_cleanse(x, y); OPENSSL_free(x); It would be easy to get this wrong during cherry-picking to other branches and therefore, for safety, it is best to just ensure OPENSSL_cleanse also checks for NULL. Reviewed-by: Rich Salz (cherry picked from commit 020d8fc83fe1a94232db1ee1166309e2458a8a18) --- crypto/mem_clr.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/crypto/mem_clr.c b/crypto/mem_clr.c index 3df1f39..1a06636 100644 --- a/crypto/mem_clr.c +++ b/crypto/mem_clr.c @@ -66,6 +66,10 @@ void OPENSSL_cleanse(void *ptr, size_t len) { unsigned char *p = ptr; size_t loop = len, ctr = cleanse_ctr; + + if (ptr == NULL) + return; + while (loop--) { *(p++) = (unsigned char)ctr; ctr += (17 + ((size_t)p & 0xF)); -- 1.7.12.1