[Bug 66137] New: Lacking a check for the return of BN_bn2dec()

bugzilla Wed, 22 Jun 2022 04:55:48 -0700

https://bz.apache.org/bugzilla/show_bug.cgi?id=66137


            Bug ID: 66137
           Summary: Lacking a check for the return of BN_bn2dec()
           Product: Apache httpd-2
           Version: 2.5-HEAD
          Hardware: PC
            Status: NEW
          Severity: normal
          Priority: P2
         Component: mod_ssl
          Assignee: [email protected]
          Reporter: [email protected]
  Target Milestone: ---

Missing a check for the return value of BN_bn2dec() in
https://github.com/apache/httpd/blob/a296776a6a5ba8fe1f91de181ca6ce6293b71a52/modules/ssl/ssl_engine_vars.c#L861.

While BN_bn2dec() returns a NULL-terminated string or NULL on error.
So it is better to check the return of it in time to catch the internal error
and prevent its propagation.

This is at least from 2.4.51 in
httpd-2.4.51/modules/ssl/ssl_engine_vars.c:777:29.

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

[Bug 66137] New: Lacking a check for the return of BN_bn2dec()

Reply via email to