From c36b39b5cd685fc5eae84ece247e7873a27d8834 Mon Sep 17 00:00:00 2001 From: Pauli Date: Tue, 3 Jul 2018 08:02:37 +1000 Subject: Check for NULL conf in NCONF_get_number The problematic case falls back to a NULL conf which returns the result of getenv(2). If this returns NULL, everything was good. If this returns a string an attempt to convert it to a number is made using the function pointers from conf. This fix uses the strtol(3) function instead, we don't have the configuration settings and this behaves as the default would. Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6632) --- crypto/conf/conf_lib.c | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) (limited to 'crypto/conf') diff --git a/crypto/conf/conf_lib.c b/crypto/conf/conf_lib.c index c72511ba67..5f976f35c4 100644 --- a/crypto/conf/conf_lib.c +++ b/crypto/conf/conf_lib.c @@ -292,10 +292,13 @@ int NCONF_get_number_e(const CONF *conf, const char *group, const char *name, if (str == NULL) return 0; - for (*result = 0; conf->meth->is_number(conf, *str);) { - *result = (*result) * 10 + conf->meth->to_int(conf, *str); - str++; - } + if (conf == NULL) + *result = strtol(str, &str, 10); + else + for (*result = 0; conf->meth->is_number(conf, *str);) { + *result = (*result) * 10 + conf->meth->to_int(conf, *str); + str++; + } return 1; } -- cgit v1.2.3