From b9a86d5dd8b5bd33be42390bcbb5121fe0ae71a1 Mon Sep 17 00:00:00 2001
From: Zhou Qingyang
Date: Fri, 25 Mar 2022 20:28:32 +0800
Subject: Fix possible null pointer dereference of evp_pkey_get_legacy()

evp_pkey_get_legacy() will return NULL on failure, however several uses of it or its wrappers does not check the return value of evp_pkey_get_legacy(), which could lead to NULL pointer dereference. Fix those possible bugs by adding NULL checking.

Reviewed-by: Shane Lontis
Reviewed-by: Tomas Mraz
(Merged from https://github.com/openssl/openssl/pull/17967)
---
 crypto/dh/dh_ameth.c | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

(limited to 'crypto/dh/dh_ameth.c')

diff --git a/crypto/dh/dh_ameth.c b/crypto/dh/dh_ameth.c
index b2ff8c3eb5..47a6ab7d0c 100644
--- a/crypto/dh/dh_ameth.c
+++ b/crypto/dh/dh_ameth.c
@@ -393,14 +393,21 @@ int DHparams_print(BIO *bp, const DH *x)

 static int dh_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
 {
+ DH *dh;
 switch (op) {
 case ASN1_PKEY_CTRL_SET1_TLS_ENCPT:
 /* We should only be here if we have a legacy key */
 if (!ossl_assert(evp_pkey_is_legacy(pkey)))
 return 0;
- return ossl_dh_buf2key(evp_pkey_get0_DH_int(pkey), arg2, arg1);
+ dh = (DH *) evp_pkey_get0_DH_int(pkey);
+ if (dh == NULL)
+ return 0;
+ return ossl_dh_buf2key(dh, arg2, arg1);
 case ASN1_PKEY_CTRL_GET1_TLS_ENCPT:
- return ossl_dh_key2buf(EVP_PKEY_get0_DH(pkey), arg2, 0, 1);
+ dh = (DH *) EVP_PKEY_get0_DH(pkey);
+ if (dh == NULL)
+ return 0;
+ return ossl_dh_key2buf(dh, arg2, 0, 1);
 default:
 return -2;
 }
--
cgit v1.2.3
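Review bot: The `(DH *)` cast in the `ASN1_PKEY_CTRL_GET1_TLS_ENCPT` branch appears to exist only so that one shared `DH *dh` local can hold the result of `EVP_PKEY_get0_DH()`. If that getter returns a `const DH *`, as I believe it does in this tree, the cast silently discards the qualifier on a path that only reads the key. A separate `const DH *cdh = EVP_PKEY_get0_DH(pkey);` there, with `dh = evp_pkey_get0_DH_int(pkey);` written without a cast in the SET1 branch, would let the compiler keep checking that `ossl_dh_key2buf()` never writes through the pointer. Both new `return 0;` exits are also unexplained, so a one-line comment such as `/* evp_pkey_get_legacy() can fail and return NULL */` above each check would record why a key that passed `evp_pkey_is_legacy()` can still come back NULL. The closing lines of `dh_pkey_ctrl` fall outside the hunk, so this is based on the visible switch body only.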