Remove an NULL ptr deref in an error path The |passwd| variable in the code can be NULL if it goes to the err label. Therefore we cannot call strlen on it without first checking that it is non NULL. Reviewed-by: Kurt Roeckx <kurt@openssl.org>

commit: d73ca3efa74bbb620a1e74deb5eec6f3d10203d5 [log] [tgz]
author: Matt Caswell <matt@openssl.org> Tue Nov 10 23:12:36 2015 +0000
committer: Matt Caswell <matt@openssl.org> Tue Nov 17 11:17:37 2015 +0000
tree: 7a102c1f0b8feb798077ba2c237ed355cd9b2123
parent: e4693b4e2a0c3f6241d4d3e61460c34c7e0013f6 [diff] [blame]
diff --git a/ssl/tls_srp.c b/ssl/tls_srp.c
index 91b88cd..64a3f23 100644
--- a/ssl/tls_srp.c
+++ b/ssl/tls_srp.c

@@ -393,7 +393,8 @@
  err:
     BN_clear_free(K);
     BN_clear_free(x);
-    OPENSSL_clear_free(passwd, strlen(passwd));
+    if (passwd != NULL)
+        OPENSSL_clear_free(passwd, strlen(passwd));
     BN_clear_free(u);
     return ret;
 }
commit	d73ca3efa74bbb620a1e74deb5eec6f3d10203d5	[log] [tgz]
author	Matt Caswell <matt@openssl.org>	Tue Nov 10 23:12:36 2015 +0000
committer	Matt Caswell <matt@openssl.org>	Tue Nov 17 11:17:37 2015 +0000
tree	7a102c1f0b8feb798077ba2c237ed355cd9b2123
parent	e4693b4e2a0c3f6241d4d3e61460c34c7e0013f6 [diff] [blame]