author | Zhou Qingyang <zhou1615@umn.edu> | 2022-04-12 00:25:26 +0800
---|---|---
committer | Tomas Mraz <tomas@openssl.org> | 2022-04-21 08:10:09 +0200
commit | caf7a9cbcc7462314427c5594c0a50d457bdf3a5 |
tree | d83ad2fa360687d48cc6520bd48744212d4fef51 |
parent | 4f675d8c600bfde652aff28cb10c2d16be11fa65 |

Fix wild pointer dereference in make_ocsp_response()

The function OCSP_basic_add1_status() will return NULL on malloc failure.
However the return value is not checked before being passed to
OCSP_SINGLERESP_add1_ext_i2d(), and there is a wild field pointer,
which could lead to wild pointer dereference.

Fix this by adding return value check

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18081)
(cherry picked from commit 4d50a5467b0a208c61d163239a3544bae06343ea)

-rw-r--r-- | apps/ocsp.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/apps/ocsp.c b/apps/ocsp.c index 05c6873238..7e2e89c387 100644 --- a/apps/ocsp.c +++ b/apps/ocsp.c @@ -1115,6 +1115,11 @@ static void make_ocsp_response(BIO *err, OCSP_RESPONSE **resp, OCSP_REQUEST *req single = OCSP_basic_add1_status(bs, cid, V_OCSP_CERTSTATUS_REVOKED, reason, revtm, thisupd, nextupd); + if (single == NULL) { + *resp = OCSP_response_create(OCSP_RESPONSE_STATUS_INTERNALERROR, + NULL); + goto end; + } if (invtm != NULL) OCSP_SINGLERESP_add1_ext_i2d(single, NID_invalidity_date, invtm, 0, 0); |
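
Review bot: The call to OCSP_SINGLERESP_add1_ext_i2d(single, NID_invalidity_date, invtm, 0, 0) in the context lines right after the new NULL check still discards its return value, so a failure to attach the invalidity date extension would go unnoticed and the response would be built without it. Consider checking that result and taking the same OCSP_RESPONSE_STATUS_INTERNALERROR path as the new block. Separately, the new block stores the result of OCSP_response_create() in *resp without checking it; if that call also fails, *resp is NULL when control reaches end, so it is worth confirming that the code at end and the caller of make_ocsp_response() tolerate a NULL response.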