From patchwork Sun Apr 4 22:00:06 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Antonio Quartulli X-Patchwork-Id: 1712 Return-Path: Delivered-To: patchwork@openvpn.net Delivered-To: patchwork@openvpn.net Received: from director9.mail.ord1d.rsapps.net ([172.30.191.6]) by backend30.mail.ord1d.rsapps.net with LMTP id uB0eOb3DamD/FwAAIUCqbw (envelope-from ) for ; Mon, 05 Apr 2021 04:01:01 -0400 Received: from proxy16.mail.ord1d.rsapps.net ([172.30.191.6]) by director9.mail.ord1d.rsapps.net with LMTP id AAnhOL3DamBTbQAAalYnBA (envelope-from ) for ; Mon, 05 Apr 2021 04:01:01 -0400 Received: from smtp5.gate.ord1c ([172.30.191.6]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) by proxy16.mail.ord1d.rsapps.net with LMTPS id EJOSOL3DamDmPAAAetu3IA (envelope-from ) for ; Mon, 05 Apr 2021 04:01:01 -0400 X-Spam-Threshold: 95 X-Spam-Score: 0 X-Spam-Flag: NO X-Virus-Scanned: OK X-Orig-To: openvpnslackdevel@openvpn.net X-Originating-Ip: [216.105.38.7] Authentication-Results: smtp5.gate.ord1c.rsapps.net; iprev=pass policy.iprev="216.105.38.7"; spf=pass smtp.mailfrom="openvpn-devel-bounces@lists.sourceforge.net" smtp.helo="lists.sourceforge.net"; dkim=fail (signature verification failed) header.d=sourceforge.net; dkim=fail (signature verification failed) header.d=sf.net; dmarc=none (p=nil; dis=none) header.from=unstable.cc X-Suspicious-Flag: YES X-Classification-ID: 0fe25e7e-95e5-11eb-ae2d-a4badb0b200d-1-1 Received: from [216.105.38.7] ([216.105.38.7:52714] helo=lists.sourceforge.net) by smtp5.gate.ord1c.rsapps.net (envelope-from ) (ecelerity 4.2.38.62370 r(:)) with ESMTPS (cipher=DHE-RSA-AES256-GCM-SHA384) id F3/37-14465-DB3CA606; Mon, 05 Apr 2021 04:01:01 -0400 Received: from [127.0.0.1] (helo=sfs-ml-4.v29.lw.sourceforge.com) by sfs-ml-4.v29.lw.sourceforge.com with esmtp (Exim 4.90_1) (envelope-from ) id 1lTK9l-0004pT-5P; Mon, 05 Apr 2021 08:00:21 +0000 Received: from [172.30.20.202] (helo=mx.sourceforge.net) by sfs-ml-4.v29.lw.sourceforge.com with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.90_1) (envelope-from ) id 1lTK9j-0004pI-9F for openvpn-devel@lists.sourceforge.net; Mon, 05 Apr 2021 08:00:19 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References: In-Reply-To:Message-Id:Date:Subject:Cc:To:From:Sender:Reply-To:Content-Type: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=A8CgdixcIHCmnapNF9o4ufjcrut6Rdnj7iywRjqOg5A=; b=eapMUXOlp63pRi/bmN6gdUEmjE BE5EtGvcySjm/tkvBuVFGUuXI6CZEbXUPVVjChwbVADvFKnHjFRQPBWBpQVgf+a/eVwTLt9XxxL9J LWYBB4m2zkzChhpVfJ/gzvoqadCm5Jqif8uyYmkA8wQks7sacOrVW+mxxdvTkLuR3dVM=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-Id: Date:Subject:Cc:To:From:Sender:Reply-To:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=A8CgdixcIHCmnapNF9o4ufjcrut6Rdnj7iywRjqOg5A=; b=ab86IdVIaDwKjXWF6tl58fWVGr OJmI852a+qEJzxYlGDVwpdvP1IsArpiEJNA8MTMMWm7tWt2AHCnqiu4H2jCFqlqaVq4kwKRLL76dr /yRlEDdcKtaAPvi8MoJNFyL41458fqtyM+VYexk6UNNaIdKt3L4GilYS+lRKCetheDJE=; Received: from s2.neomailbox.net ([5.148.176.60]) by sfi-mx-1.v28.lw.sourceforge.com with esmtps (TLSv1.2:DHE-RSA-AES256-GCM-SHA384:256) (Exim 4.92.2) id 1lTK9c-003QUT-HP for openvpn-devel@lists.sourceforge.net; Mon, 05 Apr 2021 08:00:19 +0000 From: Antonio Quartulli To: openvpn-devel@lists.sourceforge.net Date: Mon, 5 Apr 2021 10:00:06 +0200 Message-Id: <20210405080007.1665-2-a@unstable.cc> In-Reply-To: <20210405080007.1665-1-a@unstable.cc> References: <20210405080007.1665-1-a@unstable.cc> MIME-Version: 1.0 X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -0.0 SPF_PASS SPF: sender matches SPF record 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record X-Headers-End: 1lTK9c-003QUT-HP Subject: [Openvpn-devel] [PATCH 2/3] openssl: avoid NULL pointer dereference X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Antonio Quartulli Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox From: Antonio Quartulli EVP_PKEY_CTX_new_id() may return NULL and for this reason we must check its return value and bail out in case of failure. Failing to do so, may result in NULL pointer dereferece when we pass the returned pointer (NULL) to other functions. Signed-off-by: Antonio Quartulli Acked-by: Gert Doering --- src/openvpn/crypto_openssl.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/src/openvpn/crypto_openssl.c b/src/openvpn/crypto_openssl.c index d54ca6d2..dc6b0fa7 100644 --- a/src/openvpn/crypto_openssl.c +++ b/src/openvpn/crypto_openssl.c @@ -1125,8 +1125,13 @@ bool ssl_tls1_PRF(const uint8_t *seed, int seed_len, const uint8_t *secret, int secret_len, uint8_t *output, int output_len) { - bool ret = false; EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_TLS1_PRF, NULL); + if (!pctx) + { + return false; + } + + bool ret = false; if (!EVP_PKEY_derive_init(pctx)) { goto out;