PSARC/2015/043 Further OpenSSL Thread and Fork Safety
19579036 proftpd child process segfaults after failed login attempt
21149030 SegFault when a cleanup callback is called before the cipher initialization
#
# This was developed in house. Upstream notified.
#
--- openssl-1.0.1m/crypto/evp/evp_enc.c.orig Tue Jun 2 13:18:15 2015
+++ openssl-1.0.1m/crypto/evp/evp_enc.c Tue Jun 2 13:19:19 2015
@@ -179,6 +179,7 @@
EVPerr(EVP_F_EVP_CIPHERINIT_EX, ERR_R_MALLOC_FAILURE);
return 0;
}
+ (void) memset(ctx->cipher_data, 0, ctx->cipher->ctx_size);
} else {
ctx->cipher_data = NULL;
}
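Review bot: The added `memset` at the end of the allocation branch has no comment saying why freshly allocated `cipher_data` must be zeroed, although that reason is the whole fix. Going by the bug titles in the patch header, a cleanup callback can run before the cipher's init routine has filled the buffer, so without the zeroing it would presumably act on uninitialised heap contents. I would put `/* Zero cipher_data: cleanup may run before the cipher's init has filled it in. */` above the call so that a later refactor does not drop it as redundant. As a style point, the `(void)` cast on `memset` appears nowhere else in the visible lines, and a plain `memset(ctx->cipher_data, 0, ctx->cipher->ctx_size);` would likely sit better with the surrounding file. The allocation itself and the start of the enclosing function are outside the hunk, so it is worth confirming that the size passed to the allocator is the same `ctx->cipher->ctx_size`.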