QuasarApp/openssl
4
0
Fork 0
mirror of https://github.com/QuasarApp/openssl.git synced 2025-04-30 11:44:37 +00:00
Code Issues Projects Releases Wiki Activity

Fix NULL pointer access caused by X509_ATTRIBUTE_create()

Browse Source 
When X509_ATTRIBUTE_create() receives an invalid NID (e.g., -1), return
failure rather than silently constructing a broken X509_ATTRIBUTE object
that might cause NULL pointer accesses later on.  This matters because
X509_ATTRIBUTE_create() is used by API functions like PKCS7_add_attribute(3)
and the NID comes straight from the user.

This bug was found while working on LibreSSL documentation.

Reviewed-by: Theo Buehler <tb@openbsd.org>

CLA: trivial

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12052)
This commit is contained in:
Ingo Schwarze 2020-06-05 00:30:00 +02:00 committed by Tomas Mraz
parent 7a7ed5fc79
commit c4b2c53fad
1 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
crypto/x509/x_attrib.c
View File

@ -37,10 +37,13 @@ X509_ATTRIBUTE *X509_ATTRIBUTE_create(int nid, int atrtype, void *value)
{ {
X509_ATTRIBUTE *ret = NULL; X509_ATTRIBUTE *ret = NULL;
ASN1_TYPE *val = NULL; ASN1_TYPE *val = NULL;
ASN1_OBJECT *oid;
if ((oid = OBJ_nid2obj(nid)) == NULL)
return NULL;
if ((ret = X509_ATTRIBUTE_new()) == NULL) if ((ret = X509_ATTRIBUTE_new()) == NULL)
return NULL; return NULL;
ret->object = OBJ_nid2obj(nid); ret->object = oid;
if ((val = ASN1_TYPE_new()) == NULL) if ((val = ASN1_TYPE_new()) == NULL)
goto err; goto err;
if (!sk_ASN1_TYPE_push(ret->set, val)) if (!sk_ASN1_TYPE_push(ret->set, val))