mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2025-02-23 14:42:15 +08:00
Code Issues Packages Projects Releases Wiki Activity

Add return value check of EVP_PKEY_copy_parameters () in ssl_set_cert_and_key()

Browse Source 
It seems the return value of EVP_PKEY_copy_parameters() in
ssl_set_cert_and_key(), and could lead to null pointer dereference in
EVP_PKEY_eq() function.

However those functions are complicated and this fix is suggested by
a static analyzer, so please advise.

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18071)
This commit is contained in:
Zhou Qingyang 2022-04-08 21:43:37 +08:00 committed by Tomas Mraz
parent e5f831a065
commit 6646e015a5
1 changed files with 8 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
ssl/ssl_rsa.c
View File

@ -921,11 +921,17 @@ static int ssl_set_cert_and_key(SSL *ssl, SSL_CTX *ctx, X509 *x509, EVP_PKEY *pr
goto out;
} else {
/* copy to privatekey from pubkey */
EVP_PKEY_copy_parameters(privatekey, pubkey);
if (!EVP_PKEY_copy_parameters(privatekey, pubkey)) {
ERR_raise(ERR_LIB_SSL, SSL_R_COPY_PARAMETERS_FAILED);
goto out;
}
}
} else if (EVP_PKEY_missing_parameters(pubkey)) {
/* copy to pubkey from privatekey */
EVP_PKEY_copy_parameters(pubkey, privatekey);
if (!EVP_PKEY_copy_parameters(pubkey, privatekey)) {
ERR_raise(ERR_LIB_SSL, SSL_R_COPY_PARAMETERS_FAILED);
goto out;
}
} /* else both have parameters */
/* check that key <-> cert match */