The return value of BUF_strdup is unchecked in X509V3_parse_list(); the attached patch fixes the issue.
--- Kurt Cancemi
>From a42d8f0e5dbc7d56268a06a99133957d09ac8a21 Mon Sep 17 00:00:00 2001 From: Kurt Cancemi <k...@x64architecture.com> Date: Thu, 7 May 2015 16:12:33 -0400 Subject: [PATCH] Add missing NULL check in X509V3_parse_list() --- crypto/x509v3/v3_utl.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/crypto/x509v3/v3_utl.c b/crypto/x509v3/v3_utl.c index debd807..fc3b4b1 100644 --- a/crypto/x509v3/v3_utl.c +++ b/crypto/x509v3/v3_utl.c @@ -286,6 +286,8 @@ STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line) int state; /* We are going to modify the line so copy it first */ linebuf = BUF_strdup(line); + if (linebuf == NULL) + goto err; state = HDR_NAME; ntmp = NULL; /* Go through all characters */ -- 2.4.0
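Review bot: The new `goto err` placed directly after `linebuf = BUF_strdup(line);` is taken before `state = HDR_NAME;` and `ntmp = NULL;` have executed, so the cleanup at `err` (not visible in this hunk) must not read `ntmp` or any other variable that is first assigned below the check. Please confirm that, or move the `ntmp = NULL;` initialisation above the `BUF_strdup` call. The added branch also raises no error before jumping, so a caller that receives the failure result cannot distinguish an allocation failure from a malformed input line; consider recording a malloc-failure error in the `if (linebuf == NULL)` branch before the `goto`.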