File CVE-2012-0027.patch of Package openssl.444
Index: openssl-1.0.0c/engines/ccgost/gost2001_keyx.c
===================================================================
--- openssl-1.0.0c.orig/engines/ccgost/gost2001_keyx.c
+++ openssl-1.0.0c/engines/ccgost/gost2001_keyx.c
@@ -280,6 +280,10 @@ int pkey_GOST01cp_decrypt(EVP_PKEY_CTX *
}
param = get_encryption_params(gkt->key_agreement_info->cipher);
+ if(!param){
+ goto err;
+ }
+
gost_init(&ctx,param->sblock);
OPENSSL_assert(gkt->key_agreement_info->eph_iv->length==8);
memcpy(wrappedKey,gkt->key_agreement_info->eph_iv->data,8);
Index: openssl-1.0.0c/engines/ccgost/gost94_keyx.c
===================================================================
--- openssl-1.0.0c.orig/engines/ccgost/gost94_keyx.c
+++ openssl-1.0.0c/engines/ccgost/gost94_keyx.c
@@ -261,6 +261,10 @@ int pkey_GOST94cp_decrypt(EVP_PKEY_CTX *
}
param = get_encryption_params(gkt->key_agreement_info->cipher);
+ if(!param){
+ goto err;
+ }
+
gost_init(&cctx,param->sblock);
OPENSSL_assert(gkt->key_agreement_info->eph_iv->length==8);
memcpy(wrappedKey,gkt->key_agreement_info->eph_iv->data,8);