[openssl/openssl] bc930b: Add check for xor_get_aid()

JiashengJiang noreply at github.com
Tue Mar 12 18:35:12 UTC 2024


  Branch: refs/heads/master
  Home:   https://github.com/openssl/openssl
  Commit: bc930bed20d7462afecbb9d947286a335975c04a
      https://github.com/openssl/openssl/commit/bc930bed20d7462afecbb9d947286a335975c04a
  Author: Jiasheng Jiang <jiasheng at purdue.edu>
  Date:   2024-03-12 (Tue, 12 Mar 2024)

  Changed paths:
    M test/tls-provider.c

  Log Message:
  -----------
  Add check for xor_get_aid()

Add check for the return value of xor_get_aid() in order to avoid NULL pointer deference.

For example, "algor" could be NULL if the allocation of X509_ALGOR_new() fails. As a result, i2d_X509_ALGOR() will return 0 and "ctx->aid" will be an invalid value NULL.

Fixes: f4ed6eed2c ("SSL_set1_groups_list(): Fix memory corruption with 40 groups and more")
Signed-off-by: Jiasheng Jiang <jiasheng at purdue.edu>

Reviewed-by: Tom Cosgrove <tom.cosgrove at arm.com>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23764)



To unsubscribe from these emails, change your notification settings at https://github.com/openssl/openssl/settings/notifications


More information about the openssl-commits mailing list