Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Step:15-SP1
libssh.14666
0001-CVE-2020-1730-Fix-a-possible-segfault-when...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File 0001-CVE-2020-1730-Fix-a-possible-segfault-when-zeroing-A.patch of Package libssh.14666
From fa772dbe48f6c716f130e80562840d47dda5a1b7 Mon Sep 17 00:00:00 2001 From: Andreas Schneider <asn@cryptomilk.org> Date: Tue, 11 Feb 2020 11:52:33 +0100 Subject: [PATCH] CVE-2020-1730: Fix a possible segfault when zeroing AES-CTR key Fixes T213 Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> --- src/libcrypto.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/src/libcrypto.c b/src/libcrypto.c index b3792264..e9f519ec 100644 --- a/src/libcrypto.c +++ b/src/libcrypto.c @@ -713,8 +713,12 @@ aes_ctr_encrypt(struct ssh_cipher_struct *cipher, } static void aes_ctr_cleanup(struct ssh_cipher_struct *cipher){ - explicit_bzero(cipher->aes_key, sizeof(*cipher->aes_key)); - SAFE_FREE(cipher->aes_key); + if (cipher != NULL) { + if (cipher->aes_key != NULL) { + explicit_bzero(cipher->aes_key, sizeof(*cipher->aes_key)); + } + SAFE_FREE(cipher->aes_key); + } } #endif /* HAVE_OPENSSL_EVP_AES_CTR */ -- 2.26.0
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor