[stunnel-users] src/ssl.c:319 - RAND_get_rand_method() may return NULL

Gleydson Soares Thu, 03 Mar 2022 11:55:31 -0800

Hello,

The following patch avoids crashess. In src/ssl.c:prng_init(), the
RAND_get_rand_method() may return NULL so strict the check to skip PRNG
initialization.


Diff inline below, against 5.62

        gsoares

--- ssl.c.orig  Thu Mar  3 16:10:39 2022
+++ ssl.c       Thu Mar  3 16:13:17 2022
@@ -354,7 +354,7 @@ NOEXPORT int prng_init(GLOBAL_OPTIONS *global) {
     const RAND_METHOD *meth=RAND_get_rand_method();
 
     /* skip PRNG initialization when no seeding methods are available */
-    if(meth->status==NULL || meth->add==NULL) {
+    if(meth==NULL || meth->status==NULL || meth->add==NULL) {
         s_log(LOG_DEBUG, "No PRNG seeding methods");
         return 0; /* success */
     }

_______________________________________________
stunnel-users mailing list -- stunnel-users@stunnel.org
To unsubscribe send an email to stunnel-users-le...@stunnel.org

[stunnel-users] src/ssl.c:319 - RAND_get_rand_method() may return NULL

Reply via email to