The branch master has been updated
via 86f32187c31fcff88253fcead04196563c04be09 (commit)
from c61ced5ec50fc68707c7cea79f7df1d170f03f13 (commit)
- Log -----------------------------------------------------------------
commit 86f32187c31fcff88253fcead04196563c04be09
Author: Pauli <[email protected]>
Date: Mon Apr 6 11:53:10 2020 +1000
params: avoid a core dump with a null pointer and a get string call
Previous a get string (UTF8 or octet) params call would memcpy(2) from a
NULL
pointer if the OSSL_PARAM didn't have its data field set. This change makes
the operation fail rather than core dump and it returns to param size (if
set).
Reviewed-by: Tomas Mraz <[email protected]>
(Merged from https://github.com/openssl/openssl/pull/11474)
-----------------------------------------------------------------------
Summary of changes:
crypto/params.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/crypto/params.c b/crypto/params.c
index 5d1fc6a6f2..64d53c50e3 100644
--- a/crypto/params.c
+++ b/crypto/params.c
@@ -778,6 +778,8 @@ static int get_string_internal(const OSSL_PARAM *p, void
**val, size_t max_len,
if (sz == 0)
return 1;
+ if (p->data == NULL)
+ return 0;
if (*val == NULL) {
char *const q = OPENSSL_malloc(sz);
