potential null-deref bug in openssl.c #12099
Labels
Comments
|
You mean something like this? diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
index 9f9c8d136..6be86f871 100644
--- a/lib/vtls/openssl.c
+++ b/lib/vtls/openssl.c
@@ -536,13 +536,13 @@ CURLcode Curl_ossl_certchain(struct Curl_easy *data, SSL *ssl)
EVP_PKEY_get_bn_param(pubkey, OSSL_PKEY_PARAM_RSA_N, &n);
EVP_PKEY_get_bn_param(pubkey, OSSL_PKEY_PARAM_RSA_E, &e);
#else
RSA_get0_key(rsa, &n, &e, NULL);
#endif /* HAVE_EVP_PKEY_GET_PARAMS */
- BIO_printf(mem, "%d", BN_num_bits(n));
+ BIO_printf(mem, "%d", n ? BN_num_bits(n) : 0);
#else
- BIO_printf(mem, "%d", BN_num_bits(rsa->n));
+ BIO_printf(mem, "%d", rsa->n ? BN_num_bits(rsa->n) : 0);
#endif /* HAVE_OPAQUE_RSA_DSA_DH */
push_certinfo("RSA Public Key", i);
print_pubkey_BN(rsa, n, i);
print_pubkey_BN(rsa, e, i);
FREE_PKEY_PARAM_BIGNUM(n); |
bagder
added a commit
that referenced
this issue
Oct 12, 2023
Reported-by: icy17 on github Fixes #12099
|
Yes, you're correct! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I did this
There is a potential null-dereference when calling BN_num_bits. Calling this API with a NULL pointer cause NULL-dereference.
I expected the following
It's better to check if n is NULL before calling this API.
curl/libcurl version
master
operating system
ubuntu
The text was updated successfully, but these errors were encountered: