openssl: avoid NULL pointer dereference in three places
There are three potential NULL pointer dereference in EVP_DigestInit_ex(), dh_pub_encode() and dsa_pub_encode() functions. Fix them by adding proper null pointer check. [YOCTO #4600] [ CQID: WIND00373257 ] (From OE-Core rev: 4779d3c89cf0129763a4f5b7306c1247a0d6d021) Signed-off-by: Xufeng Zhang <xufeng.zhang@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
parent
b9f0fc6e98
commit
c82255d90b
|
@ -0,0 +1,21 @@
|
||||||
|
openssl: avoid NULL pointer dereference in EVP_DigestInit_ex()
|
||||||
|
|
||||||
|
We should avoid accessing the type pointer if it's NULL,
|
||||||
|
this could happen if ctx->digest is not NULL.
|
||||||
|
|
||||||
|
Upstream-Status: Submitted
|
||||||
|
http://www.mail-archive.com/openssl-dev@openssl.org/msg32860.html
|
||||||
|
|
||||||
|
Signed-off-by: Xufeng Zhang <xufeng.zhang@windriver.com>
|
||||||
|
---
|
||||||
|
--- a/crypto/evp/digest.c
|
||||||
|
+++ b/crypto/evp/digest.c
|
||||||
|
@@ -199,7 +199,7 @@
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
- if (ctx->digest != type)
|
||||||
|
+ if (type && (ctx->digest != type))
|
||||||
|
{
|
||||||
|
if (ctx->digest && ctx->digest->ctx_size)
|
||||||
|
OPENSSL_free(ctx->md_data);
|
|
@ -0,0 +1,39 @@
|
||||||
|
openssl: avoid NULL pointer dereference in dh_pub_encode()/dsa_pub_encode()
|
||||||
|
|
||||||
|
We should avoid accessing the pointer if ASN1_STRING_new()
|
||||||
|
allocates memory failed.
|
||||||
|
|
||||||
|
Upstream-Status: Submitted
|
||||||
|
http://www.mail-archive.com/openssl-dev@openssl.org/msg32859.html
|
||||||
|
|
||||||
|
Signed-off-by: Xufeng Zhang <xufeng.zhang@windriver.com>
|
||||||
|
---
|
||||||
|
--- a/crypto/dh/dh_ameth.c
|
||||||
|
+++ b/crypto/dh/dh_ameth.c
|
||||||
|
@@ -139,6 +139,12 @@
|
||||||
|
dh=pkey->pkey.dh;
|
||||||
|
|
||||||
|
str = ASN1_STRING_new();
|
||||||
|
+ if (!str)
|
||||||
|
+ {
|
||||||
|
+ DHerr(DH_F_DH_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
|
||||||
|
+ goto err;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
str->length = i2d_DHparams(dh, &str->data);
|
||||||
|
if (str->length <= 0)
|
||||||
|
{
|
||||||
|
--- a/crypto/dsa/dsa_ameth.c
|
||||||
|
+++ b/crypto/dsa/dsa_ameth.c
|
||||||
|
@@ -148,6 +148,11 @@
|
||||||
|
{
|
||||||
|
ASN1_STRING *str;
|
||||||
|
str = ASN1_STRING_new();
|
||||||
|
+ if (!str)
|
||||||
|
+ {
|
||||||
|
+ DSAerr(DSA_F_DSA_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
|
||||||
|
+ goto err;
|
||||||
|
+ }
|
||||||
|
str->length = i2d_DSAparams(dsa, &str->data);
|
||||||
|
if (str->length <= 0)
|
||||||
|
{
|
|
@ -31,6 +31,8 @@ SRC_URI += "file://configure-targets.patch \
|
||||||
file://openssl_fix_for_x32.patch \
|
file://openssl_fix_for_x32.patch \
|
||||||
file://openssl-fix-doc.patch \
|
file://openssl-fix-doc.patch \
|
||||||
file://fix-cipher-des-ede3-cfb1.patch \
|
file://fix-cipher-des-ede3-cfb1.patch \
|
||||||
|
file://openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch \
|
||||||
|
file://openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch \
|
||||||
file://find.pl \
|
file://find.pl \
|
||||||
"
|
"
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue