
Commit d5b2135

davidbentargos
authored andcommitted
tls: fix malloc mismatch in SSL_set_tlsext_status_ocsp_resp call
SSL_set_tlsext_status_ocsp_resp expects the data to be allocated with OPENSSL_malloc, not libc malloc, so use OpenSSLMalloc. Additionally, though OpenSSL doesn't type-check due to it being a macro, the function is documented to take an unsigned char pointer: https://www.openssl.org/docs/man1.1.0/ssl/SSL_set_tlsext_status_ocsp_resp.html (By default, OPENSSL_malloc is the same as libc malloc, but it is possible to customize this.) PR-URL: #25706 Reviewed-By: Sam Roberts <vieuxtech@gmail.com> Reviewed-By: Ali Ijaz Sheikh <ofrobots@google.com> Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: James M Snell <jasnell@gmail.com>
1 parent ae19f94 commit d5b2135


1 file changed

+10
-9
lines changed

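--- a/src/node_crypto.cc
+++ b/src/node_crypto.cc
@@ -324,6 +324,14 @@ bool EntropySource(unsigned char* buffer, size_t length) {
 }
 
 
+template <typename T>
+static T* MallocOpenSSL(size_t count) {
+void* mem = OPENSSL_malloc(MultiplyWithOverflowCheck(count, sizeof(T)));
+CHECK_IMPLIES(mem == nullptr, count == 0);
+return static_cast<T*>(mem);
+}
+
+
 void SecureContext::Initialize(Environment* env, Local<Object> target) {
 Local<FunctionTemplate> t = env->NewFunctionTemplate(New);
 t->InstanceTemplate()->SetInternalFieldCount(1);
@@ -2446,11 +2454,11 @@ int SSLWrap<Base>::TLSExtStatusCallback(SSL* s, void* arg) {
 size_t len = Buffer::Length(obj);
 
 // OpenSSL takes control of the pointer after accepting it
-char* data = node::Malloc(len);
+unsigned char* data = MallocOpenSSL<unsigned char>(len);
 memcpy(data, resp, len);
 
 if (!SSL_set_tlsext_status_ocsp_resp(s, data, len))
-free(data);
+OPENSSL_free(data);
 w->ocsp_response_.Reset();
 
 return SSL_TLSEXT_ERR_OK;
@@ -2672,13 +2680,6 @@ static bool IsSupportedAuthenticatedMode(const EVP_CIPHER_CTX* ctx) {
 return IsSupportedAuthenticatedMode(cipher);
 }
 
-template <typename T>
-static T* MallocOpenSSL(size_t count) {
-void* mem = OPENSSL_malloc(MultiplyWithOverflowCheck(count, sizeof(T)));
-CHECK_IMPLIES(mem == nullptr, count == 0);
-return static_cast<T*>(mem);
-}
-
 enum class ParsePublicKeyResult {
 kParsePublicOk,
 kParsePublicNotRecognized,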
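Review bot: In `TLSExtStatusCallback`, `memcpy(data, resp, len)` now runs on a pointer that may be null: `MallocOpenSSL`'s `CHECK_IMPLIES(mem == nullptr, count == 0)` aborts on a failed allocation but deliberately lets a null result through when `count` is 0. Whether an empty OCSP response buffer can reach this call is decided above the hunk, which is not visible here (the function starts and ends outside it); if it can, a null destination is undefined behaviour for `memcpy` even with a zero length. Guarding the copy with `if (len != 0) memcpy(data, resp, len);` makes that case explicit. The helper would also benefit from a one-line comment, e.g. `// Returns memory from OpenSSL's allocator; release with OPENSSL_free(). May be nullptr when count == 0.`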
