Fix use-after-free

Also fix a RANDerr call. Reviewed-by: N Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3947)

Fix use-after-free
Also fix a RANDerr call. Reviewed-by: N Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3947)
54e5ba05 · Rich Salz · f1b8b001 · 54e5ba05 · 54e5ba05
隐藏空白更改
内联并排

Showing with 7 addition and 4 deletion

apps/app_rand.c apps/app_rand.c +6 -3

crypto/rand/randfile.c crypto/rand/randfile.c +1 -1

未找到文件。
--- a/apps/app_rand.c
+++ b/apps/app_rand.c
@@ -13,7 +13,7 @@
 #include <openssl/rand.h>
 #include <openssl/conf.h>

-static const char *save_rand_file;
+static char *save_rand_file;

 void app_RAND_load_conf(CONF *c, const char *section)
 {
@@ -29,7 +29,7 @@ void app_RAND_load_conf(CONF *c, const char *section)
        return;
    }
    if (save_rand_file == NULL)
-        save_rand_file = randfile;
+        save_rand_file = OPENSSL_strdup(randfile);
 }

 static int loadfiles(char *name)
@@ -66,6 +66,8 @@ void app_RAND_write(void)
        BIO_printf(bio_err, "Cannot write random bytes:\n");
        ERR_print_errors(bio_err);
    }
+    OPENSSL_free(save_rand_file);
+    save_rand_file =  NULL;
 }


@@ -84,7 +86,8 @@ int opt_rand(int opt)
        return loadfiles(opt_arg());
        break;
    case OPT_R_WRITERAND:
-        save_rand_file = opt_arg();
+        OPENSSL_free(save_rand_file);
+        save_rand_file = OPENSSL_strdup(opt_arg());
        break;
    }
    return 1;

--- a/crypto/rand/randfile.c
+++ b/crypto/rand/randfile.c
@@ -176,7 +176,7 @@ int RAND_write_file(const char *file)
    if (out == NULL)
        out = openssl_fopen(file, "wb");
    if (out == NULL) {
-        RANDerr(RAND_F_RAND_LOAD_FILE, RAND_R_CANNOT_OPEN_FILE);
+        RANDerr(RAND_F_RAND_WRITE_FILE, RAND_R_CANNOT_OPEN_FILE);
        ERR_add_error_data(2, "Filename=", file);
        return -1;
    }