diff options
| author | Jiasheng Jiang <jiasheng@purdue.edu> | 2024-03-06 17:08:06 +0100 |
|---|---|---|
| committer | Tomas Mraz <tomas@openssl.org> | 2024-03-12 19:32:32 +0100 |
| commit | bc930bed20d7462afecbb9d947286a335975c04a (patch) | |
| tree | 293eac859232234d1e66252d999b786cf1f1669b /test/tls-provider.c | |
| parent | Improve the documentation on -cert_chain and -status_verbose options (diff) | |
| download | openssl-bc930bed20d7462afecbb9d947286a335975c04a.tar.xz openssl-bc930bed20d7462afecbb9d947286a335975c04a.zip | |
Add check for xor_get_aid()
Add check for the return value of xor_get_aid() in order to avoid NULL pointer deference.
For example, "algor" could be NULL if the allocation of X509_ALGOR_new() fails. As a result, i2d_X509_ALGOR() will return 0 and "ctx->aid" will be an invalid value NULL.
Fixes: f4ed6eed2c ("SSL_set1_groups_list(): Fix memory corruption with 40 groups and more")
Signed-off-by: Jiasheng Jiang <jiasheng@purdue.edu>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23764)
Diffstat (limited to 'test/tls-provider.c')
| -rw-r--r-- | test/tls-provider.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/test/tls-provider.c b/test/tls-provider.c index 53e1d53ffa..6d66fdf8e1 100644 --- a/test/tls-provider.c +++ b/test/tls-provider.c @@ -2691,6 +2691,10 @@ static int xor_sig_setup_md(PROV_XORSIG_CTX *ctx, OPENSSL_free(ctx->aid); ctx->aid = NULL; ctx->aid_len = xor_get_aid(&(ctx->aid), ctx->sig->tls_name); + if (ctx->aid_len <= 0) { + EVP_MD_free(md); + return 0; + } ctx->mdctx = NULL; ctx->md = md; |