240230 – openssl segfaults if RUN_ONCE fails

Bug 240230 - openssl segfaults if RUN_ONCE fails

Summary: openssl segfaults if RUN_ONCE fails

Status:	New

Alias:	None

Product:	Base System
Classification:	Unclassified
Component:	bin (show other bugs)
Version:	CURRENT
Hardware:	Any Any

Importance:	--- Affects Some People
Assignee:	freebsd-bugs (Nobody)

URL:
Keywords:

Depends on:
Blocks:

Reported:	2019-08-31 12:03 UTC by Andrew "RhodiumToad" Gierth
Modified:	2019-08-31 12:03 UTC (History)
CC List:	0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Andrew "RhodiumToad" Gierth 2019-08-31 12:03:31 UTC

RAND_get_rand_method returns NULL if RUN_ONCE fails, but none of its callers check for this condition, and so they immediately segfault from deferencing the NULL.

(RUN_ONCE fails if libthr is not in the process, for example because openssl was static-linked without it. This aspect of the issue is the subject of another bug report; but if RUN_ONCE can legitimately fail for any other reason, then this is an independent bug in openssl.)

Affects CURRENT and 12-STABLE, probably not 11 (not checked).