[openssl] master update
Dr. Paul Dale
pauli at openssl.org
Fri Nov 12 09:53:25 UTC 2021
The branch master has been updated
via ed5b26ce0b34ec00bdd53d15854a22bccbb4d415 (commit)
from 87fd67d997b236d1202546345d18384a968c9206 (commit)
- Log -----------------------------------------------------------------
commit ed5b26ce0b34ec00bdd53d15854a22bccbb4d415
Author: Pauli <pauli at openssl.org>
Date: Thu Nov 11 06:49:49 2021 +1000
Add return value NULL checks that were missing
Issues located by Brian Carpenter of Geeknik's Farm.
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17007)
-----------------------------------------------------------------------
Summary of changes:
crypto/async/async.c | 8 ++++++++
crypto/cms/cms_smime.c | 2 ++
crypto/property/property.c | 7 ++++---
crypto/provider_conf.c | 9 +++++----
ssl/t1_lib.c | 2 ++
5 files changed, 21 insertions(+), 7 deletions(-)
diff --git a/crypto/async/async.c b/crypto/async/async.c
index 84c5876852..a320d455b7 100644
--- a/crypto/async/async.c
+++ b/crypto/async/async.c
@@ -138,6 +138,10 @@ static void async_release_job(ASYNC_JOB *job) {
async_pool *pool;
pool = (async_pool *)CRYPTO_THREAD_get_local(&poolkey);
+ if (pool == NULL) {
+ ERR_raise(ERR_LIB_ASYNC, ERR_R_INTERNAL_ERROR);
+ return;
+ }
OPENSSL_free(job->funcargs);
job->funcargs = NULL;
sk_ASYNC_JOB_push(pool->jobs, job);
@@ -148,6 +152,10 @@ void async_start_func(void)
ASYNC_JOB *job;
async_ctx *ctx = async_get_ctx();
+ if (ctx == NULL) {
+ ERR_raise(ERR_LIB_ASYNC, ERR_R_INTERNAL_ERROR);
+ return;
+ }
while (1) {
/* Run the job */
job = ctx->currjob;
diff --git a/crypto/cms/cms_smime.c b/crypto/cms/cms_smime.c
index 0c3bbd03c3..4e80a13b4d 100644
--- a/crypto/cms/cms_smime.c
+++ b/crypto/cms/cms_smime.c
@@ -608,6 +608,8 @@ CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si,
/* Set embedded content */
pos = CMS_get0_content(cms);
+ if (pos == NULL)
+ goto err;
*pos = os;
r = 1;
diff --git a/crypto/property/property.c b/crypto/property/property.c
index 5df1bfc221..c087e741ed 100644
--- a/crypto/property/property.c
+++ b/crypto/property/property.c
@@ -118,7 +118,7 @@ OSSL_PROPERTY_LIST **ossl_ctx_global_properties(OSSL_LIB_CTX *libctx,
globp = ossl_lib_ctx_get_data(libctx, OSSL_LIB_CTX_GLOBAL_PROPERTIES,
&ossl_ctx_global_properties_method);
- return &globp->list;
+ return globp != NULL ? &globp->list : NULL;
}
#ifndef FIPS_MODULE
@@ -128,7 +128,7 @@ int ossl_global_properties_no_mirrored(OSSL_LIB_CTX *libctx)
= ossl_lib_ctx_get_data(libctx, OSSL_LIB_CTX_GLOBAL_PROPERTIES,
&ossl_ctx_global_properties_method);
- return globp->no_mirrored ? 1 : 0;
+ return globp != NULL && globp->no_mirrored ? 1 : 0;
}
void ossl_global_properties_stop_mirroring(OSSL_LIB_CTX *libctx)
@@ -137,7 +137,8 @@ void ossl_global_properties_stop_mirroring(OSSL_LIB_CTX *libctx)
= ossl_lib_ctx_get_data(libctx, OSSL_LIB_CTX_GLOBAL_PROPERTIES,
&ossl_ctx_global_properties_method);
- globp->no_mirrored = 1;
+ if (globp != NULL)
+ globp->no_mirrored = 1;
}
#endif
diff --git a/crypto/provider_conf.c b/crypto/provider_conf.c
index da3796d914..054261771a 100644
--- a/crypto/provider_conf.c
+++ b/crypto/provider_conf.c
@@ -146,9 +146,6 @@ static int provider_conf_load(OSSL_LIB_CTX *libctx, const char *name,
const char *path = NULL;
long activate = 0;
int ok = 0;
- PROVIDER_CONF_GLOBAL *pcgbl
- = ossl_lib_ctx_get_data(libctx, OSSL_LIB_CTX_PROVIDER_CONF_INDEX,
- &provider_conf_ossl_ctx_method);
name = skip_dot(name);
OSSL_TRACE1(CONF, "Configuring provider %s\n", name);
@@ -185,7 +182,11 @@ static int provider_conf_load(OSSL_LIB_CTX *libctx, const char *name,
}
if (activate) {
- if (!CRYPTO_THREAD_write_lock(pcgbl->lock)) {
+ PROVIDER_CONF_GLOBAL *pcgbl
+ = ossl_lib_ctx_get_data(libctx, OSSL_LIB_CTX_PROVIDER_CONF_INDEX,
+ &provider_conf_ossl_ctx_method);
+
+ if (pcgbl == NULL || !CRYPTO_THREAD_write_lock(pcgbl->lock)) {
ERR_raise(ERR_LIB_CRYPTO, ERR_R_INTERNAL_ERROR);
return 0;
}
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 9345838f6a..fc32bb3556 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -1267,6 +1267,8 @@ static const SIGALG_LOOKUP *tls1_get_legacy_sigalg(const SSL *s, int idx)
for (i = 0; i < SSL_PKEY_NUM; i++) {
const SSL_CERT_LOOKUP *clu = ssl_cert_lookup_by_idx(i);
+ if (clu == NULL)
+ continue;
if (clu->amask & s->s3.tmp.new_cipher->algorithm_auth) {
idx = i;
break;
More information about the openssl-commits
mailing list