mirror of https://github.com/OpenVPN/openvpn.git synced 2024-09-20 12:02:28 +02:00

openssl: avoid NULL pointer dereference

EVP_PKEY_CTX_new_id() may return NULL and for this reason we must check
its return value and bail out in case of failure.

Failing to do so may result in a NULL pointer dereference when we
pass the returned pointer (NULL) to other functions.

Signed-off-by: Antonio Quartulli <antonio@openvpn.net>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <20210405080007.1665-2-a@unstable.cc>
URL: https://www.mail-archive.com/search?l=mid&q=20210405080007.1665-2-a@unstable.cc
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Antonio Quartulli 2021-04-05 10:00:06 +02:00 committed by Gert Doering
parent 24e58164b8
commit f3c7698957


@ -1125,8 +1125,13 @@ bool
ssl_tls1_PRF(const uint8_t *seed, int seed_len, const uint8_t *secret, ssl_tls1_PRF(const uint8_t *seed, int seed_len, const uint8_t *secret,
int secret_len, uint8_t *output, int output_len) int secret_len, uint8_t *output, int output_len)
{ {
bool ret = false;
EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_TLS1_PRF, NULL); EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_TLS1_PRF, NULL);
if (!pctx)
{
return false;
}
bool ret = false;
if (!EVP_PKEY_derive_init(pctx)) if (!EVP_PKEY_derive_init(pctx))
{ {
goto out; goto out;
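Review bot: The new `if (!pctx)` branch returns before anything is written to `output`, so on this path the caller's key-material buffer keeps whatever it held before the call, and nothing is logged about why the PRF failed. The callers are outside this hunk, so I cannot tell whether all of them check the `bool` result. It would help to state the contract at the early return, e.g. `/* context allocation failed: output is not written, caller must treat the PRF as failed */`. The direct `return false` also differs from the `goto out` used by the checks that follow; that looks intentional since there is no context to release yet, but the `out` label and the rest of the body lie outside the hunk.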