diff options
author | Zhou Qingyang <zhou1615@umn.edu> | 2022-04-08 21:43:37 +0800 |
---|---|---|
committer | Tomas Mraz <tomas@openssl.org> | 2022-05-16 10:43:43 +0200 |
commit | 76e18f94a9de17c5720b80c78cc453fae572fb62 (patch) | |
tree | 1dba5efeb7e69e3ce3cda75a246e221d58aad44e /ssl | |
parent | 1b75a1dd1b607234255102bee362ab6f559f42c1 (diff) |
Add return value check of EVP_PKEY_copy_parameters () in ssl_set_cert_and_key()
It seems the return value of EVP_PKEY_copy_parameters() in
ssl_set_cert_and_key(), and could lead to null pointer dereference in
EVP_PKEY_eq() function.
However those functions are complicated and this fix is suggested by
a static analyzer, so please advise.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18071)
(cherry picked from commit 6646e015a50e5455117c22a27032011689db710f)
Diffstat (limited to 'ssl')
-rw-r--r-- | ssl/ssl_rsa.c | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/ssl/ssl_rsa.c b/ssl/ssl_rsa.c index cf410d6d87..a43b9bddcd 100644 --- a/ssl/ssl_rsa.c +++ b/ssl/ssl_rsa.c @@ -920,11 +920,17 @@ static int ssl_set_cert_and_key(SSL *ssl, SSL_CTX *ctx, X509 *x509, EVP_PKEY *pr goto out; } else { /* copy to privatekey from pubkey */ - EVP_PKEY_copy_parameters(privatekey, pubkey); + if (!EVP_PKEY_copy_parameters(privatekey, pubkey)) { + ERR_raise(ERR_LIB_SSL, SSL_R_COPY_PARAMETERS_FAILED); + goto out; + } } } else if (EVP_PKEY_missing_parameters(pubkey)) { /* copy to pubkey from privatekey */ - EVP_PKEY_copy_parameters(pubkey, privatekey); + if (!EVP_PKEY_copy_parameters(pubkey, privatekey)) { + ERR_raise(ERR_LIB_SSL, SSL_R_COPY_PARAMETERS_FAILED); + goto out; + } } /* else both have parameters */ /* check that key <-> cert match */ |