ISC Open Source Projects / BIND / Issues / #841

Issue created Jan 25, 2019 by Petr Menšík (@pemensik, Contributor)

Allow NULL pointer in OpenSSL free function anytime

I was trying the SoftHSM plugin along with the OpenSSL PKCS#11 engine today. I found SoftHSM 2.5 would crash in BIND 9.11.5 if used like I did.

I did not use native PKCS#11.

dnssec-keyfromlabel -E pkcs11 -a RSASHA256 -l 'pkcs11:token=DNS;object=DNS2;pin-value=1234' test

The thing is, I reported an issue to SoftHSM, but there is also a failure on the BIND side. I fixed it and it crashed again. mem_free() from lib/dns/openssl_link.c would crash, even if a null pointer is passed to BN_free(). I think INSIST should be moved into if (ptr != NULL).

Or better, would it be possible to remove the custom memory allocator from OpenSSL? Already done on the devel branch in commit 7fc78e7c. It is doing more damage than protection, at least in my experiments with OpenSSL engines.

Is there some place it prevented the leakage?

Edited Jan 25, 2019 by Petr Menšík
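
A minimal model of the failure mode reported above, added here as an illustration; it is not BIND's or OpenSSL's code. The pool, the hook names and `INSIST_MODEL` (which jumps out instead of aborting, so the outcome can be observed) are hypothetical stand-ins for a custom free hook that asserts on a memory pool.

```c
#include <setjmp.h>
#include <stddef.h>
#include <stdlib.h>

/* Hypothetical model: g_pool is NULL before init and after teardown. */
struct pool { size_t live; };
static struct pool *g_pool = NULL;
static jmp_buf g_trap;
#define INSIST_MODEL(cond) do { if (!(cond)) longjmp(g_trap, 1); } while (0)

static void *hook_malloc(size_t n) {
    INSIST_MODEL(g_pool != NULL);
    void *p = malloc(n);
    if (p != NULL) g_pool->live++;
    return p;
}

/* Strict hook: invariant checked first, so even free(NULL) traps
 * when no pool exists. */
static void hook_free_strict(void *ptr) {
    INSIST_MODEL(g_pool != NULL);
    if (ptr != NULL) { g_pool->live--; free(ptr); }
}

/* NULL-tolerant hook: free(NULL) is always a no-op; the invariant is
 * still enforced whenever there is a real pointer to release. */
static void hook_free_tolerant(void *ptr) {
    if (ptr == NULL) return;
    INSIST_MODEL(g_pool != NULL);
    g_pool->live--;
    free(ptr);
}

/* Allocate one object, tear the pool down, then deliver a late free as a
 * library cleanup path might. Returns 1 if the invariant check trapped. */
static int late_free_traps(void (*free_hook)(void *), int pass_null) {
    static struct pool pool;
    void *volatile p = NULL;      /* volatile: read again after longjmp */
    pool.live = 0;
    g_pool = &pool;
    if (setjmp(g_trap) != 0) { free(p); g_pool = NULL; return 1; }
    p = hook_malloc(32);
    g_pool = NULL;                      /* pool torn down first */
    free_hook(pass_null ? NULL : p);    /* late free arrives */
    if (pass_null) free(p);             /* release outside the model */
    return 0;
}

int main(void) {
    return (late_free_traps(hook_free_strict, 1) == 1 &&
            late_free_traps(hook_free_tolerant, 1) == 0) ? 0 : 1;
}
```

With the check inside the non-NULL branch, a late `free(NULL)` is harmless while a real pointer freed without a pool still trips the invariant.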