The return value of BUF_strdup is unchecked in X509V3_parse_list(); the
attached patch fixes the issue.

---
Kurt Cancemi

>From a42d8f0e5dbc7d56268a06a99133957d09ac8a21 Mon Sep 17 00:00:00 2001
From: Kurt Cancemi <k...@x64architecture.com>
Date: Thu, 7 May 2015 16:12:33 -0400
Subject: [PATCH] Add missing NULL check in X509V3_parse_list()

---
 crypto/x509v3/v3_utl.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/crypto/x509v3/v3_utl.c b/crypto/x509v3/v3_utl.c
index debd807..fc3b4b1 100644
--- a/crypto/x509v3/v3_utl.c
+++ b/crypto/x509v3/v3_utl.c
@@ -286,6 +286,8 @@ STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line)
     int state;
     /* We are going to modify the line so copy it first */
     linebuf = BUF_strdup(line);
+    if (linebuf == NULL)
+        goto err;
     state = HDR_NAME;
     ntmp = NULL;
     /* Go through all characters */
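
Review bot: the new `goto err` under the `linebuf == NULL` check runs before `state = HDR_NAME;` and `ntmp = NULL;` are assigned, and the `err` label lies outside this hunk, so please confirm that the cleanup there does not read `ntmp` or `state` and is safe when `linebuf` is NULL. It would also help to push an allocation-failure error (ERR_R_MALLOC_FAILURE) onto the error queue before the jump, so that a caller receiving NULL can tell out-of-memory apart from a malformed input line. The commit message has no body; one sentence saying that a failed BUF_strdup() would otherwise let the parsing loop dereference a NULL `linebuf` would document why the check is needed.
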
-- 
2.4.0
