Avoid NULL pointer dereference

Function readbuffer_gets() misses some of the initial checks of its arguments. Not checking them can lead to a later NULL pointer dereferences. The checks are now unified with the checks in readbuffer_read() function. CLA: trivial Fixes #23915 Signed-off-by: Radek Krejci <radek.krejci@oracle.com> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23918)
2024-11-27 05:21:51 +08:00 · 2024-03-21 13:19:23 +01:00 · 2024-03-21 13:19:23 +01:00 · c215d75f94
commit c215d75f94
parent f35c089413
1 changed files with 4 additions and 1 deletions
--- a/crypto/bio/bf_readbuff.c
+++ b/crypto/bio/bf_readbuff.c
@ -222,10 +222,13 @@ static int readbuffer_gets(BIO *b, char *buf, int size)
    char *p;
    int i, j;

-    if (size == 0)
+    if (buf == NULL || size == 0)
        return 0;
    --size; /* the passed in size includes the terminator - so remove it here */
    ctx = (BIO_F_BUFFER_CTX *)b->ptr;
+
+    if (ctx == NULL || b->next_bio == NULL)
+        return 0;
    BIO_clear_retry_flags(b);

    /* If data is already buffered then use this first */