Fix stack corruption in ui_readopenssl-3.1

This is an alternative to #20893 Additionally this fixes also a possible issue in UI_UTIL_read_pw: When UI_new returns NULL, the result code would still be zero as if UI_UTIL_read_pw succeeded, but the password buffer is left uninitialized, with subsequent possible stack corruption or worse. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20957) (cherry picked from commit a64c48cff88e032cf9513578493c4536df725a22)
author: Bernd Edlinger <bernd.edlinger@hotmail.de> 2023-05-13 09:04:18 +0200
committer: Tomas Mraz <tomas@openssl.org> 2023-05-17 12:08:24 +0200
commit: 205e7e33a69f5d37887b3f80a8e529c929d23db8 (patch)
tree: 7c38dad40fcb5eeccd7be2e3d4677b683f63b163 /crypto/ui/ui_lib.c
parent: 8847320dd6a7ac5d5915f8aa538d720cd98f8946 (diff)
download: openssl-new-openssl-3.1.tar.gz
1 files changed, 4 insertions, 0 deletions
diff --git a/crypto/ui/ui_lib.c b/crypto/ui/ui_lib.c
index 1ff8c6fa35..dbd2722bda 100644
--- a/crypto/ui/ui_lib.c
+++ b/crypto/ui/ui_lib.c
@@ -528,6 +528,10 @@ int UI_process(UI *ui)
                 ok = 0;
                 break;
             }
+        } else {
+            ui->flags &= ~UI_FLAG_REDOABLE;
+            ok = -2;
+            goto err;
         }
     }
author	Bernd Edlinger <bernd.edlinger@hotmail.de>	2023-05-13 09:04:18 +0200
committer	Tomas Mraz <tomas@openssl.org>	2023-05-17 12:08:24 +0200
commit	205e7e33a69f5d37887b3f80a8e529c929d23db8 (patch)
tree	7c38dad40fcb5eeccd7be2e3d4677b683f63b163 /crypto/ui/ui_lib.c
parent	8847320dd6a7ac5d5915f8aa538d720cd98f8946 (diff)
download	openssl-new-openssl-3.1.tar.gz