The branch master has been updated via daa86f9e6bfeb83a5db976c6351f7a568a8d6dcb (commit) from 616581aaac2dda1557586f7b43fc3a3d926899c4 (commit)
- Log ----------------------------------------------------------------- commit daa86f9e6bfeb83a5db976c6351f7a568a8d6dcb Author: zsugabubus <zsugabu...@users.noreply.github.com> Date: Mon Jan 18 15:33:57 2021 +0100 Check input size before NULL pointer test inside mem_write() Checking is performed after the read-only test so it catches such errors earlier. CLA: trivial Reviewed-by: Dmitry Belyavskiy <beld...@gmail.com> Reviewed-by: Tomas Mraz <to...@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13786) ----------------------------------------------------------------------- Summary of changes: crypto/bio/bss_mem.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/crypto/bio/bss_mem.c b/crypto/bio/bss_mem.c index 3bdf457966..fe362d87fc 100644 --- a/crypto/bio/bss_mem.c +++ b/crypto/bio/bss_mem.c @@ -221,10 +221,6 @@ static int mem_write(BIO *b, const char *in, int inl) int blen; BIO_BUF_MEM *bbm = (BIO_BUF_MEM *)b->ptr; - if (in == NULL) { - ERR_raise(ERR_LIB_BIO, ERR_R_PASSED_NULL_PARAMETER); - goto end; - } if (b->flags & BIO_FLAGS_MEM_RDONLY) { ERR_raise(ERR_LIB_BIO, BIO_R_WRITE_TO_READ_ONLY_BIO); goto end; @@ -232,6 +228,10 @@ static int mem_write(BIO *b, const char *in, int inl) BIO_clear_retry_flags(b); if (inl == 0) return 0; + if (in == NULL) { + ERR_raise(ERR_LIB_BIO, ERR_R_PASSED_NULL_PARAMETER); + goto end; + } blen = bbm->readp->length; mem_buf_sync(b); if (BUF_MEM_grow_clean(bbm->buf, blen + inl) == 0)