mirror of
https://github.com/openssl/openssl.git
synced 2025-03-31 20:10:45 +08:00
rand_lib.c: fix null pointer dereferences after RAND_get_rand_method() failure
RAND_get_rand_method() can return a NULL method pointer in the case of a malloc failure, so don't dereference it without a check. Reported-by: Zu-Ming Jiang (detected by FIFUZZ) Fixes #10480 Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/10483)
This commit is contained in:
Dr. Matthias St. Pierre
Pauli
parent
f5e77bb0fa
commit
0402c90ff9
@ -1150,6 +1150,8 @@ RAND_F_RAND_POOL_ATTACH:124:rand_pool_attach
|
||||
RAND_F_RAND_POOL_BYTES_NEEDED:115:rand_pool_bytes_needed
|
||||
RAND_F_RAND_POOL_GROW:127:
|
||||
RAND_F_RAND_POOL_NEW:116:rand_pool_new
|
||||
RAND_F_RAND_PRIV_BYTES_EX:128:
|
||||
RAND_F_RAND_PSEUDO_BYTES:129:
|
||||
RAND_F_RAND_WRITE_FILE:112:RAND_write_file
|
||||
RSA_F_CHECK_PADDING_MD:140:check_padding_md
|
||||
RSA_F_ENCODE_PKCS1:146:encode_pkcs1
|
||||
|
||||
@ -311,6 +311,9 @@ int RAND_poll(void)
|
||||
|
||||
const RAND_METHOD *meth = RAND_get_rand_method();
|
||||
|
||||
if (meth == NULL)
|
||||
return 0;
|
||||
|
||||
if (meth == RAND_OpenSSL()) {
|
||||
/* fill random pool and seed the master DRBG */
|
||||
RAND_DRBG *drbg = RAND_DRBG_get0_master();
|
||||
@ -831,7 +834,7 @@ void RAND_seed(const void *buf, int num)
|
||||
{
|
||||
const RAND_METHOD *meth = RAND_get_rand_method();
|
||||
|
||||
if (meth->seed != NULL)
|
||||
if (meth != NULL && meth->seed != NULL)
|
||||
meth->seed(buf, num);
|
||||
}
|
||||
|
||||
@ -839,7 +842,7 @@ void RAND_add(const void *buf, int num, double randomness)
|
||||
{
|
||||
const RAND_METHOD *meth = RAND_get_rand_method();
|
||||
|
||||
if (meth->add != NULL)
|
||||
if (meth != NULL && meth->add != NULL)
|
||||
meth->add(buf, num, randomness);
|
||||
}
|
||||
|
||||
@ -851,18 +854,20 @@ void RAND_add(const void *buf, int num, double randomness)
|
||||
int rand_priv_bytes_ex(OPENSSL_CTX *ctx, unsigned char *buf, int num)
|
||||
{
|
||||
RAND_DRBG *drbg;
|
||||
int ret;
|
||||
const RAND_METHOD *meth = RAND_get_rand_method();
|
||||
|
||||
if (meth != RAND_OpenSSL())
|
||||
return meth->bytes(buf, num);
|
||||
if (meth != NULL && meth != RAND_OpenSSL()) {
|
||||
if (meth->bytes != NULL)
|
||||
return meth->bytes(buf, num);
|
||||
RANDerr(RAND_F_RAND_PRIV_BYTES_EX, RAND_R_FUNC_NOT_IMPLEMENTED);
|
||||
return -1;
|
||||
}
|
||||
|
||||
drbg = OPENSSL_CTX_get0_private_drbg(ctx);
|
||||
if (drbg == NULL)
|
||||
return 0;
|
||||
if (drbg != NULL)
|
||||
return RAND_DRBG_bytes(drbg, buf, num);
|
||||
|
||||
ret = RAND_DRBG_bytes(drbg, buf, num);
|
||||
return ret;
|
||||
return 0;
|
||||
}
|
||||
|
||||
int RAND_priv_bytes(unsigned char *buf, int num)
|
||||
@ -873,10 +878,9 @@ int RAND_priv_bytes(unsigned char *buf, int num)
|
||||
int rand_bytes_ex(OPENSSL_CTX *ctx, unsigned char *buf, int num)
|
||||
{
|
||||
RAND_DRBG *drbg;
|
||||
int ret;
|
||||
const RAND_METHOD *meth = RAND_get_rand_method();
|
||||
|
||||
if (meth != RAND_OpenSSL()) {
|
||||
if (meth != NULL && meth != RAND_OpenSSL()) {
|
||||
if (meth->bytes != NULL)
|
||||
return meth->bytes(buf, num);
|
||||
RANDerr(RAND_F_RAND_BYTES_EX, RAND_R_FUNC_NOT_IMPLEMENTED);
|
||||
@ -884,11 +888,10 @@ int rand_bytes_ex(OPENSSL_CTX *ctx, unsigned char *buf, int num)
|
||||
}
|
||||
|
||||
drbg = OPENSSL_CTX_get0_public_drbg(ctx);
|
||||
if (drbg == NULL)
|
||||
return 0;
|
||||
if (drbg != NULL)
|
||||
return RAND_DRBG_bytes(drbg, buf, num);
|
||||
|
||||
ret = RAND_DRBG_bytes(drbg, buf, num);
|
||||
return ret;
|
||||
return 0;
|
||||
}
|
||||
|
||||
int RAND_bytes(unsigned char *buf, int num)
|
||||
@ -901,8 +904,9 @@ int RAND_pseudo_bytes(unsigned char *buf, int num)
|
||||
{
|
||||
const RAND_METHOD *meth = RAND_get_rand_method();
|
||||
|
||||
if (meth->pseudorand != NULL)
|
||||
if (meth != NULL && meth->pseudorand != NULL)
|
||||
return meth->pseudorand(buf, num);
|
||||
RANDerr(RAND_F_RAND_PSEUDO_BYTES, RAND_R_FUNC_NOT_IMPLEMENTED);
|
||||
return -1;
|
||||
}
|
||||
#endif
|
||||
@ -911,7 +915,7 @@ int RAND_status(void)
|
||||
{
|
||||
const RAND_METHOD *meth = RAND_get_rand_method();
|
||||
|
||||
if (meth->status != NULL)
|
||||
if (meth != NULL && meth->status != NULL)
|
||||
return meth->status();
|
||||
return 0;
|
||||
}
|
||||
|
||||
@ -57,6 +57,8 @@ int ERR_load_RAND_strings(void);
|
||||
# define RAND_F_RAND_POOL_BYTES_NEEDED 0
|
||||
# define RAND_F_RAND_POOL_GROW 0
|
||||
# define RAND_F_RAND_POOL_NEW 0
|
||||
# define RAND_F_RAND_PRIV_BYTES_EX 0
|
||||
# define RAND_F_RAND_PSEUDO_BYTES 0
|
||||
# define RAND_F_RAND_WRITE_FILE 0
|
||||
# endif
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user