The branch master has been updated via ed5b26ce0b34ec00bdd53d15854a22bccbb4d415 (commit) from 87fd67d997b236d1202546345d18384a968c9206 (commit)
- Log ----------------------------------------------------------------- commit ed5b26ce0b34ec00bdd53d15854a22bccbb4d415 Author: Pauli <pa...@openssl.org> Date: Thu Nov 11 06:49:49 2021 +1000 Add return value NULL checks that were missing Issues located by Brian Carpenter of Geeknik's Farm. Reviewed-by: Tomas Mraz <to...@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17007) ----------------------------------------------------------------------- Summary of changes: crypto/async/async.c | 8 ++++++++ crypto/cms/cms_smime.c | 2 ++ crypto/property/property.c | 7 ++++--- crypto/provider_conf.c | 9 +++++---- ssl/t1_lib.c | 2 ++ 5 files changed, 21 insertions(+), 7 deletions(-) diff --git a/crypto/async/async.c b/crypto/async/async.c index 84c5876852..a320d455b7 100644 --- a/crypto/async/async.c +++ b/crypto/async/async.c @@ -138,6 +138,10 @@ static void async_release_job(ASYNC_JOB *job) { async_pool *pool; pool = (async_pool *)CRYPTO_THREAD_get_local(&poolkey); + if (pool == NULL) { + ERR_raise(ERR_LIB_ASYNC, ERR_R_INTERNAL_ERROR); + return; + } OPENSSL_free(job->funcargs); job->funcargs = NULL; sk_ASYNC_JOB_push(pool->jobs, job); @@ -148,6 +152,10 @@ void async_start_func(void) ASYNC_JOB *job; async_ctx *ctx = async_get_ctx(); + if (ctx == NULL) { + ERR_raise(ERR_LIB_ASYNC, ERR_R_INTERNAL_ERROR); + return; + } while (1) { /* Run the job */ job = ctx->currjob; diff --git a/crypto/cms/cms_smime.c b/crypto/cms/cms_smime.c index 0c3bbd03c3..4e80a13b4d 100644 --- a/crypto/cms/cms_smime.c +++ b/crypto/cms/cms_smime.c @@ -608,6 +608,8 @@ CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si, /* Set embedded content */ pos = CMS_get0_content(cms); + if (pos == NULL) + goto err; *pos = os; r = 1; diff --git a/crypto/property/property.c b/crypto/property/property.c index 5df1bfc221..c087e741ed 100644 --- a/crypto/property/property.c +++ b/crypto/property/property.c @@ -118,7 +118,7 @@ OSSL_PROPERTY_LIST **ossl_ctx_global_properties(OSSL_LIB_CTX *libctx, globp = ossl_lib_ctx_get_data(libctx, OSSL_LIB_CTX_GLOBAL_PROPERTIES, &ossl_ctx_global_properties_method); - return &globp->list; + return globp != NULL ? &globp->list : NULL; } #ifndef FIPS_MODULE @@ -128,7 +128,7 @@ int ossl_global_properties_no_mirrored(OSSL_LIB_CTX *libctx) = ossl_lib_ctx_get_data(libctx, OSSL_LIB_CTX_GLOBAL_PROPERTIES, &ossl_ctx_global_properties_method); - return globp->no_mirrored ? 1 : 0; + return globp != NULL && globp->no_mirrored ? 1 : 0; } void ossl_global_properties_stop_mirroring(OSSL_LIB_CTX *libctx) @@ -137,7 +137,8 @@ void ossl_global_properties_stop_mirroring(OSSL_LIB_CTX *libctx) = ossl_lib_ctx_get_data(libctx, OSSL_LIB_CTX_GLOBAL_PROPERTIES, &ossl_ctx_global_properties_method); - globp->no_mirrored = 1; + if (globp != NULL) + globp->no_mirrored = 1; } #endif diff --git a/crypto/provider_conf.c b/crypto/provider_conf.c index da3796d914..054261771a 100644 --- a/crypto/provider_conf.c +++ b/crypto/provider_conf.c @@ -146,9 +146,6 @@ static int provider_conf_load(OSSL_LIB_CTX *libctx, const char *name, const char *path = NULL; long activate = 0; int ok = 0; - PROVIDER_CONF_GLOBAL *pcgbl - = ossl_lib_ctx_get_data(libctx, OSSL_LIB_CTX_PROVIDER_CONF_INDEX, - &provider_conf_ossl_ctx_method); name = skip_dot(name); OSSL_TRACE1(CONF, "Configuring provider %s\n", name); @@ -185,7 +182,11 @@ static int provider_conf_load(OSSL_LIB_CTX *libctx, const char *name, } if (activate) { - if (!CRYPTO_THREAD_write_lock(pcgbl->lock)) { + PROVIDER_CONF_GLOBAL *pcgbl + = ossl_lib_ctx_get_data(libctx, OSSL_LIB_CTX_PROVIDER_CONF_INDEX, + &provider_conf_ossl_ctx_method); + + if (pcgbl == NULL || !CRYPTO_THREAD_write_lock(pcgbl->lock)) { ERR_raise(ERR_LIB_CRYPTO, ERR_R_INTERNAL_ERROR); return 0; } diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 9345838f6a..fc32bb3556 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -1267,6 +1267,8 @@ static const SIGALG_LOOKUP *tls1_get_legacy_sigalg(const SSL *s, int idx) for (i = 0; i < SSL_PKEY_NUM; i++) { const SSL_CERT_LOOKUP *clu = ssl_cert_lookup_by_idx(i); + if (clu == NULL) + continue; if (clu->amask & s->s3.tmp.new_cipher->algorithm_auth) { idx = i; break;