[erlang-patches] [PATCH] crypto: fix a few memleaks/undefined pointer dereferences
Florian Zumbiehl
florz@REDACTED
Mon Feb 3 06:38:46 CET 2014
Hi,
> A simple fix to this would be to let the crypto_alloc (in
> crypto_callback.c) to call abort() if the allocation failed as that
> is the strategy otherwise in out-of-memory scenarios. Thus a "nice
> crash" with an "Out of memory" message instead of a segmentation
> violation.
below you find a patch that does just that. I hope it can still make it
into R17? Mind you, pointer arithmetic with and dereference of null
pointers give undefined behaviour, not (necessarily just) a segfault, so
this could have security implications.
Regards, Florian
diff --git a/lib/crypto/c_src/crypto_callback.c b/lib/crypto/c_src/crypto_callback.c
index 81106b4..750e9b1 100644
--- a/lib/crypto/c_src/crypto_callback.c
+++ b/lib/crypto/c_src/crypto_callback.c
@@ -53,11 +53,19 @@ static ErlNifRWLock** lock_vec = NULL; /* Static locks used by openssl */
static void* crypto_alloc(size_t size)
{
- return enif_alloc(size);
+ void *ret;
+
+ if (!(ret = enif_alloc(size)) && size)
+ abort();
+ return ret;
}
static void* crypto_realloc(void* ptr, size_t size)
{
- return enif_realloc(ptr, size);
+ void *ret;
+
+ if (!(ret = enif_realloc(ptr, size)) && size)
+ abort();
+ return ret;
}
static void crypto_free(void* ptr)
{
More information about the erlang-patches
mailing list