ssl_engine_vars.c: Add check after calling ASN1_STRING_new

bugzilla Sun, 20 Feb 2022 23:16:23 -0800

https://bz.apache.org/bugzilla/show_bug.cgi?id=65902


            Bug ID: 65902
           Summary: modules/ssl/ssl_engine_vars.c: Add check after calling
                    ASN1_STRING_new
           Product: Apache httpd-2
           Version: 2.5-HEAD
          Hardware: PC
            Status: NEW
          Severity: normal
          Priority: P2
         Component: mod_ssl
          Assignee: bugs@httpd.apache.org
          Reporter: jiash...@iscas.ac.cn
  Target Milestone: ---

Created attachment 38205
  --> https://bz.apache.org/bugzilla/attachment.cgi?id=38205&action=edit
0001-modules-ssl-ssl_engine_vars-Add-check-after-calling-ASN1_STRING_new

As the potential failure of the memory allocation,
the 'ret' could NULL pointer if fails.
And I have checked the OPENSSL docs of the 'd2i_DISPLAYTEXT'
(Link: https://www.openssl.org/docs/man3.0/man3/d2i_DISPLAYTEXT.html),
it could accept NULL pointer as a valid parameter and return success.
Then 'ret' will be dereferenced in ASN1_STRING_print_ex().
Therefore, it should be better to check ASN1_STRING_new() and return
error if fails.

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org
For additional commands, e-mail: bugs-h...@httpd.apache.org

[Bug 65902] New: modules/ssl/ssl_engine_vars.c: Add check after calling ASN1_STRING_new

Reply via email to