author | Theo Buehler <tb@cvs.openbsd.org> | 2022-08-31 06:51:37 +0000 |
committer | Theo Buehler <tb@cvs.openbsd.org> | 2022-08-31 06:51:37 +0000 |
commit | 3dd79e6ed2a1b2bc24d902aed0ad744c4f598e89 (patch) | |
tree | 3a59af1500114dda3ae5d8b8979aea1c5f0c0f71 | |
parent | 2f88c9962e085f06c57a5053493161073f5adba9 (diff) |
Avoid potential NULL dereference in ssl_set_pkey()
Switch from X509_get_pubkey() to X509_get0_pubkey() to avoid an unnecessary
EVP_PKEY_free(). Check the return values of X509_get0_pubkey() and
EVP_PKEY_copy_parameters(). If the former returns NULL, the latter will
dereference NULL.
CID 25020
ok jsing
-rw-r--r-- | lib/libssl/ssl_rsa.c | 14 |
1 files changed, 9 insertions, 5 deletions
diff --git a/lib/libssl/ssl_rsa.c b/lib/libssl/ssl_rsa.c
index 192dc4291e6..98c1e1b7b38 100644
--- a/lib/libssl/ssl_rsa.c
+++ b/lib/libssl/ssl_rsa.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_rsa.c,v 1.45 2022/06/30 09:08:35 tb Exp $ */
+/* $OpenBSD: ssl_rsa.c,v 1.46 2022/08/31 06:51:36 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -184,9 +184,13 @@ ssl_set_pkey(SSL_CTX *ctx, SSL *ssl, EVP_PKEY *pkey)
 
 	if (c->pkeys[i].x509 != NULL) {
 		EVP_PKEY *pktmp;
-		pktmp = X509_get_pubkey(c->pkeys[i].x509);
-		EVP_PKEY_copy_parameters(pktmp, pkey);
-		EVP_PKEY_free(pktmp);
+
+		if ((pktmp = X509_get0_pubkey(c->pkeys[i].x509)) == NULL)
+			return 0;
+
+		if (!EVP_PKEY_copy_parameters(pktmp, pkey))
+			return 0;
+
 		ERR_clear_error();
 
 		/*
@@ -209,7 +213,7 @@ ssl_set_pkey(SSL_CTX *ctx, SSL *ssl, EVP_PKEY *pkey)
 	c->key = &(c->pkeys[i]);
 	c->valid = 0;
 
-	return (1);
+	return 1;
 }
 
 int |
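Review bot: The new `if (!EVP_PKEY_copy_parameters(pktmp, pkey)) return 0;` in the second hunk looks like it turns a benign condition into a hard failure: as far as I recall p_lib.c (not in this diff, please confirm), EVP_PKEY_copy_parameters() returns 0 whenever the key's ASN.1 method has no param_copy hook, which is the case for RSA, so SSL_CTX_use_PrivateKey()/SSL_use_PrivateKey() would fail for an RSA key whenever a certificate was loaded first, and it would also fail early on a key-type mismatch that the private-key check following this comment (outside the hunk) presumably already rejects and cleans up after by freeing c->pkeys[i].x509. OpenSSL deliberately ignores this return value for exactly that reason; I would keep the NULL check on X509_get0_pubkey() and replace the second check with `(void)EVP_PKEY_copy_parameters(pktmp, pkey);` preceded by a comment such as `/* Return value deliberately ignored: key types without a param_copy method (e.g. RSA) report failure here. */`. Note also that both new early returns skip the ERR_clear_error() right after them, so the EVP error pushed by the failing call stays in the error queue for the caller, unlike the old code. ssl_set_pkey() starts before and ends after this hunk.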