[Openvpn-devel] [XS] Change in openvpn[master]: mbedtls: gracefully exit if certificate file is NULL

cron2 (Code Review) Sat, 06 Dec 2025 14:40:03 -0800

cron2 has uploaded a new patch set (#2) to the change originally created by 
syzzer. ( http://gerrit.openvpn.net/c/openvpn/+/1419?usp=email )


The following approvals got outdated and were removed:
Code-Review+2 by cron2


Change subject: mbedtls: gracefully exit if certificate file is NULL
......................................................................

mbedtls: gracefully exit if certificate file is NULL

Instead of crashing because we feed a NULL pointer to strlen(),
gracefully exit with an error message.

While at it, improve the error message a bit.

Change-Id: I0d592d9d0c7ead296869f933c206c5d55e6cbed1
Reported-By: Joshua Rogers <[email protected]>
Found-by: ZeroPath (https://zeropath.com/)
Signed-off-by: Steffan Karger <[email protected]>
Acked-by: Gert Doering <[email protected]>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1419
Message-Id: <[email protected]>
URL: 
https://www.mail-archive.com/[email protected]/msg34864.html
Signed-off-by: Gert Doering <[email protected]>
---
M src/openvpn/ssl_mbedtls.c
1 file changed, 5 insertions(+), 1 deletion(-)


  git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/19/1419/2

diff --git a/src/openvpn/ssl_mbedtls.c b/src/openvpn/ssl_mbedtls.c
index 83fca78..3440319 100644
--- a/src/openvpn/ssl_mbedtls.c
+++ b/src/openvpn/ssl_mbedtls.c
@@ -466,10 +466,14 @@

     if (cert_inline)
     {
+        if (!cert_file)
+        {
+            msg(M_FATAL, "Cannot load inline certificate: NULL");
+        }
         if (!mbed_ok(mbedtls_x509_crt_parse(ctx->crt_chain, (const unsigned 
char *)cert_file,
                                             strlen(cert_file) + 1)))
         {
-            msg(M_FATAL, "Cannot load inline certificate file");
+            msg(M_FATAL, "Cannot load inline certificate");
         }
     }
     else

--
To view, visit http://gerrit.openvpn.net/c/openvpn/+/1419?usp=email
To unsubscribe, or for help writing mail filters, visit 
http://gerrit.openvpn.net/settings?usp=email

Gerrit-MessageType: newpatchset
Gerrit-Project: openvpn
Gerrit-Branch: master
Gerrit-Change-Id: I0d592d9d0c7ead296869f933c206c5d55e6cbed1
Gerrit-Change-Number: 1419
Gerrit-PatchSet: 2
Gerrit-Owner: syzzer <[email protected]>
Gerrit-Reviewer: cron2 <[email protected]>
Gerrit-Reviewer: plaisthos <[email protected]>
Gerrit-CC: openvpn-devel <[email protected]>

_______________________________________________
Openvpn-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] [XS] Change in openvpn[master]: mbedtls: gracefully exit if certificate file is NULL

Reply via email to