[erlang-patches] [PATCH] crypto: fix a few memleaks/undefined pointer dereferences
Sverker Eriksson
sverker.eriksson@REDACTED
Tue Feb 4 12:30:28 CET 2014
Thanks, I'll include this for 17.0-rc2.
/Sverker
On 02/03/2014 06:38 AM, Florian Zumbiehl wrote:
> Hi,
>
>> A simple fix to this would be to let the crypto_alloc (in
>> crypto_callback.c) to call abort() if the allocation failed as that
>> is the strategy otherwise in out-of-memory scenarios. Thus a "nice
>> crash" with an "Out of memory" message instead of a segmentation
>> violation.
> below you find a patch that does just that. I hope it can still make it
> into R17? Mind you, pointer arithmetic with and dereference of null
> pointers give undefined behaviour, not (necessarily just) a segfault, so
> this could have security implications.
>
> Regards, Florian
>
> diff --git a/lib/crypto/c_src/crypto_callback.c b/lib/crypto/c_src/crypto_callback.c
> index 81106b4..750e9b1 100644
> --- a/lib/crypto/c_src/crypto_callback.c
> +++ b/lib/crypto/c_src/crypto_callback.c
> @@ -53,11 +53,19 @@ static ErlNifRWLock** lock_vec = NULL; /* Static locks used by openssl */
>
> static void* crypto_alloc(size_t size)
> {
> - return enif_alloc(size);
> + void *ret;
> +
> + if (!(ret = enif_alloc(size)) && size)
> + abort();
> + return ret;
> }
> static void* crypto_realloc(void* ptr, size_t size)
> {
> - return enif_realloc(ptr, size);
> + void *ret;
> +
> + if (!(ret = enif_realloc(ptr, size)) && size)
> + abort();
> + return ret;
> }
> static void crypto_free(void* ptr)
> {
More information about the erlang-patches
mailing list