diff options
author | Pauli <pauli@openssl.org> | 2021-05-04 00:23:10 +0200 |
---|---|---|
committer | Pauli <pauli@openssl.org> | 2021-05-06 03:01:30 +0200 |
commit | a35536b52d91d02cbfeef22d1373a92252d19d62 (patch) | |
tree | a25bffa4d62e942b8c25f5fe3de74971f9bc1b68 | |
parent | Remove all trace of FIPS_mode functions (diff) | |
download | openssl-a35536b52d91d02cbfeef22d1373a92252d19d62.tar.xz openssl-a35536b52d91d02cbfeef22d1373a92252d19d62.zip |
coverity: fix 1478169: dereference after NULL check
The code path shouldn't occur in our code but could in an application.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/15128)
-rw-r--r-- | crypto/pkcs12/p12_p8e.c | 14 |
1 files changed, 11 insertions, 3 deletions
diff --git a/crypto/pkcs12/p12_p8e.c b/crypto/pkcs12/p12_p8e.c index ac2c7ef537..5351e11d34 100644 --- a/crypto/pkcs12/p12_p8e.c +++ b/crypto/pkcs12/p12_p8e.c @@ -22,13 +22,21 @@ X509_SIG *PKCS8_encrypt_ex(int pbe_nid, const EVP_CIPHER *cipher, X509_SIG *p8 = NULL; X509_ALGOR *pbe; - if (pbe_nid == -1) + if (pbe_nid == -1) { + if (cipher == NULL) { + ERR_raise(ERR_LIB_PKCS12, ERR_R_PASSED_NULL_PARAMETER); + return NULL; + } pbe = PKCS5_pbe2_set_iv_ex(cipher, iter, salt, saltlen, NULL, -1, libctx); - else if (EVP_PBE_find(EVP_PBE_TYPE_PRF, pbe_nid, NULL, NULL, 0)) + } else if (EVP_PBE_find(EVP_PBE_TYPE_PRF, pbe_nid, NULL, NULL, 0)) { + if (cipher == NULL) { + ERR_raise(ERR_LIB_PKCS12, ERR_R_PASSED_NULL_PARAMETER); + return NULL; + } pbe = PKCS5_pbe2_set_iv_ex(cipher, iter, salt, saltlen, NULL, pbe_nid, libctx); - else { + } else { ERR_clear_error(); pbe = PKCS5_pbe_set_ex(pbe_nid, iter, salt, saltlen, libctx); } |