Re: [PATCH 1/5] selftests/sgx: Fix uninitialized pointer dereference in error path.
From: Jo Van Bulck
Date: Mon Aug 07 2023 - 02:15:16 EST
On 03.08.23 05:51, Huang, Kai wrote:
> Is it safe to assume EVP_MD_CTX_destroy() can always handle a NULL ctx?
> The manpage says:
> EVP_MD_CTX_destroy() cleans up digest context ctx and frees up the space
> allocated to it, it should be called only on a context created using
> EVP_MD_CTX_create().
Thank you for pointing this out. Afais the implementations I've seen can
handle NULL, and similar error-handling paths where
EVP_MD_CTX_destroy() is called with a NULL pointer exist in several
places in the OpenSSL code.
That being said, this is indeed not explicit in the specification (unlike
RSA_free() which is called just after and explicitly specifies that NULL
is okay). So you're probably right that it's generally safer to not call
EVP_MD_CTX_destroy() with a NULL pointer.
I'll include an extra check for this in the next patch revision.
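
Added example, not part of the original message or the selftest code: a sketch of the error path under discussion, with the context pointer initialized to NULL and the destructor call guarded. `md_ctx_create()`, `md_ctx_destroy()` and `hash_with_cleanup()` are hypothetical stand-ins, not the OpenSSL API; the stub destructor counts NULL arguments so the guard can be checked.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-ins for a library digest-context API (not OpenSSL). */
struct md_ctx { int unused; };
static int null_destroy_calls;  /* times the destructor was handed NULL */
static int live_ctx;            /* contexts created and not yet destroyed */

static struct md_ctx *md_ctx_create(void)
{
    struct md_ctx *c = calloc(1, sizeof(*c));
    if (c) live_ctx++;
    return c;
}

/* Models a destructor whose documentation does not promise NULL is accepted. */
static void md_ctx_destroy(struct md_ctx *c)
{
    if (!c) { null_destroy_calls++; return; }  /* record the contract violation */
    free(c);
    live_ctx--;
}

/* fail_at: 0 = success, 1 = fail before ctx is created, 2 = fail after. */
static int hash_with_cleanup(int fail_at)
{
    struct md_ctx *ctx = NULL;  /* defined value on every path to "out" */
    int ret = -1;

    if (fail_at == 1)
        goto out;               /* early error: ctx was never created */
    ctx = md_ctx_create();
    if (!ctx)
        goto out;
    if (fail_at == 2)
        goto out;
    ret = 0;
out:
    if (ctx)                    /* do not rely on undocumented NULL handling */
        md_ctx_destroy(ctx);
    return ret;
}

int main(void)
{
    int r = hash_with_cleanup(1);
    printf("early failure: ret=%d, NULL destroys=%d\n", r, null_destroy_calls);
    return 0;
}
```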