Discussion:
[Ipmitool-devel] Changes in lanplus_crypt_impl.c
h***@ts.fujitsu.com
2017-03-29 06:26:21 UTC
Permalink
To whom it may concern,
the latest changes in lanplus_crypt_impl.c together with the OpenSSL 1.1
changes now leak the allocated cipher context on every call. You should call
EVP_CIPHER_CTX_free(ctx), also I would suggest to call
EVP_CIPHER_CTX_cleanup(ctx) always and not only in the success case (e.g.
move these 2 calls to the end of the function and fall through).

Best regards,
Holger Liebig
Zdenek Styblik
2017-03-29 06:56:08 UTC
Permalink
Post by h***@ts.fujitsu.com
To whom it may concern,
the latest changes in lanplus_crypt_impl.c together with the OpenSSL 1.1
changes now leak the allocated cipher context on every call. You should call
EVP_CIPHER_CTX_free(ctx), also I would suggest to call
EVP_CIPHER_CTX_cleanup(ctx) always and not only in the success case (e.g.
move these 2 calls to the end of the function and fall through).
Best regards,
Holger Liebig
Good morning Holger,

thank you for notification. Please, follow
https://sourceforge.net/p/ipmitool/bugs/480/ as I will post patch
there and will try to address/incorporate your comments.

Thank you very much.

Best regards,
Zdenek

--
Zdenek Styblik
Post by h***@ts.fujitsu.com
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Ipmitool-devel mailing list
https://lists.sourceforge.net/lists/listinfo/ipmitool-devel
Loading...