[openssl] master update
Dr. Paul Dale
pauli at openssl.org
Thu May 6 01:01:55 UTC 2021
The branch master has been updated
via a35536b52d91d02cbfeef22d1373a92252d19d62 (commit)
from 08a337fac6d56a3b9419f4fbf9a19af958c9c2a1 (commit)
- Log -----------------------------------------------------------------
commit a35536b52d91d02cbfeef22d1373a92252d19d62
Author: Pauli <pauli at openssl.org>
Date: Tue May 4 08:23:10 2021 +1000
coverity: fix 1478169: dereference after NULL check
The code path shouldn't occur in our code but could in an application.
Reviewed-by: Shane Lontis <shane.lontis at oracle.com>
(Merged from https://github.com/openssl/openssl/pull/15128)
-----------------------------------------------------------------------
Summary of changes:
crypto/pkcs12/p12_p8e.c | 14 +++++++++++---
1 file changed, 11 insertions(+), 3 deletions(-)
diff --git a/crypto/pkcs12/p12_p8e.c b/crypto/pkcs12/p12_p8e.c
index ac2c7ef537..5351e11d34 100644
--- a/crypto/pkcs12/p12_p8e.c
+++ b/crypto/pkcs12/p12_p8e.c
@@ -22,13 +22,21 @@ X509_SIG *PKCS8_encrypt_ex(int pbe_nid, const EVP_CIPHER *cipher,
X509_SIG *p8 = NULL;
X509_ALGOR *pbe;
- if (pbe_nid == -1)
+ if (pbe_nid == -1) {
+ if (cipher == NULL) {
+ ERR_raise(ERR_LIB_PKCS12, ERR_R_PASSED_NULL_PARAMETER);
+ return NULL;
+ }
pbe = PKCS5_pbe2_set_iv_ex(cipher, iter, salt, saltlen, NULL, -1,
libctx);
- else if (EVP_PBE_find(EVP_PBE_TYPE_PRF, pbe_nid, NULL, NULL, 0))
+ } else if (EVP_PBE_find(EVP_PBE_TYPE_PRF, pbe_nid, NULL, NULL, 0)) {
+ if (cipher == NULL) {
+ ERR_raise(ERR_LIB_PKCS12, ERR_R_PASSED_NULL_PARAMETER);
+ return NULL;
+ }
pbe = PKCS5_pbe2_set_iv_ex(cipher, iter, salt, saltlen, NULL, pbe_nid,
libctx);
- else {
+ } else {
ERR_clear_error();
pbe = PKCS5_pbe_set_ex(pbe_nid, iter, salt, saltlen, libctx);
}
More information about the openssl-commits
mailing list