[Openvpn-devel,2/3] openssl: avoid NULL pointer dereference

Message ID 20210405080007.1665-2-a@unstable.cc
State Accepted
Series [Openvpn-devel,1/3] openssl: fix EVP_PKEY_CTX memory leak

Commit Message

Antonio Quartulli April 4, 2021, 10 p.m. UTC
From: Antonio Quartulli <antonio@openvpn.net>

EVP_PKEY_CTX_new_id() may return NULL and for this reason we must check
its return value and bail out in case of failure.

Failing to do so may result in NULL pointer dereference when we
pass the returned pointer (NULL) to other functions.

Signed-off-by: Antonio Quartulli <antonio@openvpn.net>
---
 src/openvpn/crypto_openssl.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

Comments

Gert Doering April 5, 2021, 12:40 a.m. UTC | #1
Acked-by: Gert Doering <gert@greenie.muc.de>

According to OpenSSL documentation, this can indeed return NULL, 
so catch it... (Note: as for 1/3, this code is only in master, so
no need to backport to release/2.5)

Your patch has been applied to the master branch.

commit f3c7698957483e0ea0f14e712502d34c826c53ca
Author: Antonio Quartulli
Date:   Mon Apr 5 10:00:06 2021 +0200

     openssl: avoid NULL pointer dereference

     Signed-off-by: Antonio Quartulli <antonio@openvpn.net>
     Acked-by: Gert Doering <gert@greenie.muc.de>
     Message-Id: <20210405080007.1665-2-a@unstable.cc>
     URL: https://www.mail-archive.com/search?l=mid&q=20210405080007.1665-2-a@unstable.cc
     Signed-off-by: Gert Doering <gert@greenie.muc.de>


--
kind regards,

Gert Doering

Patch

diff --git a/src/openvpn/crypto_openssl.c b/src/openvpn/crypto_openssl.c
index d54ca6d2..dc6b0fa7 100644
--- a/src/openvpn/crypto_openssl.c
+++ b/src/openvpn/crypto_openssl.c
@@ -1125,8 +1125,13 @@  bool
 ssl_tls1_PRF(const uint8_t *seed, int seed_len, const uint8_t *secret,
              int secret_len, uint8_t *output, int output_len)
 {
-    bool ret = false;
     EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_TLS1_PRF, NULL);
+    if (!pctx)
+    {
+        return false;
+    }
+
+    bool ret = false;
     if (!EVP_PKEY_derive_init(pctx))
     {
         goto out;
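
Review bot: the new `if (!pctx)` block returns `false` directly, while the next failure path in the same function (the `EVP_PKEY_derive_init` check) leaves through `goto out`, so the function now has two exit styles and `bool ret = false;` had to move below a statement to make room. If the cleanup at `out:` tolerates a NULL `pctx`, keeping the declaration at the top and using `goto out` here as well would keep a single exit path. The early return is also silent: the caller sees only `false` and cannot tell a failed context allocation from a failed derivation, so a log line in this branch naming `EVP_PKEY_CTX_new_id` would help when diagnosing a failed TLS PRF call.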