diff options
| author | Matt Caswell <matt@openssl.org> | 2015-03-11 16:00:01 +0000 |
|---|---|---|
| committer | Matt Caswell <matt@openssl.org> | 2015-03-12 09:32:22 +0000 |
| commit | e6dcb08984b2e3f765ab5a2f45aaf0a8cc263bba (patch) | |
| tree | 3ea16d562e8620760c999168927330be09996a42 | |
| parent | 0c8f4229995bbb51bd29c314e2d71d7edce229de (diff) | |
| download | openssl-new-e6dcb08984b2e3f765ab5a2f45aaf0a8cc263bba.tar.gz | |
ASN1_primitive_new NULL param handling
ASN1_primitive_new takes an ASN1_ITEM * param |it|. There are a couple
of conditional code paths that check whether |it| is NULL or not - but
later |it| is deref'd unconditionally. If |it| was ever really NULL then
this would seg fault. In practice ASN1_primitive_new is marked as an
internal function in the public header file. The only places it is ever
used internally always pass a non NULL parameter for |it|. Therefore, change
the code to sanity check that |it| is not NULL, and remove the conditional
checking.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>
(cherry picked from commit 9e488fd6ab2c295941e91a47ab7bcd346b7540c7)
| -rw-r--r-- | crypto/asn1/tasn_new.c | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/crypto/asn1/tasn_new.c b/crypto/asn1/tasn_new.c index d25c68c545..7d2964f023 100644 --- a/crypto/asn1/tasn_new.c +++ b/crypto/asn1/tasn_new.c @@ -315,13 +315,16 @@ int ASN1_primitive_new(ASN1_VALUE **pval, const ASN1_ITEM *it) ASN1_STRING *str; int utype; - if (it && it->funcs) { + if (!it) + return 0; + + if (it->funcs) { const ASN1_PRIMITIVE_FUNCS *pf = it->funcs; if (pf->prim_new) return pf->prim_new(pval, it); } - if (!it || (it->itype == ASN1_ITYPE_MSTRING)) + if (it->itype == ASN1_ITYPE_MSTRING) utype = -1; else utype = it->utype; |