mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2025-03-31 20:10:45 +08:00
Code Issues Packages Projects Releases Wiki Activity

apps/ocsp: Add check for OPENSSL_strdup

Browse Source 
Just assert 'bn' to be non-NULL is not enough.
The check for 'itmp' is still needed.
If 'bn' is 0, the 'itmp' is assigned by OPENSSL_strdup().
Since OPENSSL_strdup() may fail because of the lack of memory,
the 'itmp' will be NULL and be an valid parameter hashed in
TXT_DB_get_by_index(), returning a wrong result.

Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17677)
This commit is contained in:
Jiasheng Jiang 2022-02-10 15:41:40 +08:00 committed by Tomas Mraz
parent 0c5905581e
commit 8f084b4380
1 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
apps/ocsp.c
View File

@ -1180,10 +1180,12 @@ static char **lookup_serial(CA_DB *db, ASN1_INTEGER *ser)
bn = ASN1_INTEGER_to_BN(ser, NULL);
OPENSSL_assert(bn); /* FIXME: should report an error at this
* point and abort */
if (BN_is_zero(bn))
if (BN_is_zero(bn)) {
itmp = OPENSSL_strdup("00");
else
OPENSSL_assert(itmp);
} else {
itmp = BN_bn2hex(bn);
}
row[DB_serial] = itmp;
BN_free(bn);
rrow = TXT_DB_get_by_index(db->db, DB_serial, row);