https://bz.apache.org/bugzilla/show_bug.cgi?id=65902
Bug ID: 65902
Summary: modules/ssl/ssl_engine_vars.c: Add check after calling
ASN1_STRING_new
Product: Apache httpd-2
Version: 2.5-HEAD
Hardware: PC
Status: NEW
Severity: normal
Priority: P2
Component: mod_ssl
Assignee: [email protected]
Reporter: [email protected]
Target Milestone: ---
Created attachment 38205
--> https://bz.apache.org/bugzilla/attachment.cgi?id=38205&action=edit
0001-modules-ssl-ssl_engine_vars-Add-check-after-calling-ASN1_STRING_new
As the potential failure of the memory allocation,
the 'ret' could NULL pointer if fails.
And I have checked the OPENSSL docs of the 'd2i_DISPLAYTEXT'
(Link: https://www.openssl.org/docs/man3.0/man3/d2i_DISPLAYTEXT.html),
it could accept NULL pointer as a valid parameter and return success.
Then 'ret' will be dereferenced in ASN1_STRING_print_ex().
Therefore, it should be better to check ASN1_STRING_new() and return
error if fails.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
