https://bugs.exim.org/show_bug.cgi?id=2316
Bug ID: 2316
Summary: Missing Error Check in function X509_NAME_oneline()
Product: Exim
Version: 4.91
Hardware: x86
OS: Linux
Status: NEW
Severity: bug
Priority: medium
Component: TLS
Assignee: jgh146...@wizmail.org
Reporter: chi-l...@mails.tsinghua.edu.cn
CC: exim-dev@exim.org
Function X509_NAME_oneline() returns a valid string on success or NULL on
error. However, the function X509_NAME_oneline() didn't check the return value
is NULL or not. See the following details.
line: 384
code: X509_NAME_oneline(X509_get_subject_name(cert), CS dn, sizeof(dn));
The same situation is also occured in line 530 and 1739.
ref: https://github.com/Exim/exim/blob/exim-4_91%2Bfixes/src/src/tls-openssl.c
===================================================================
The following ref is about the specification of function X509_NAME_oneline.
ref: https://www.openssl.org/docs/manmaster/man3/X509_NAME_oneline.html.
We find the return value of this call been checked in openssl project with the
version of openssl 1.1.2.
Such as in openssl/crypto folder,
crypto/x509/x_name.c
ref: https://github.com/openssl/openssl/blob/master/crypto/x509/x_name.c
500: b = X509_NAME_oneline(name, NULL, 0);
501: if (!b)
502: return 0;
/crypto/x509v3/v3_alt.c
ref: https://github.com/openssl/openssl/blob/master/crypto/x509v3/v3_alt.c
104: if (X509_NAME_oneline(gen->d.dirn, oline, sizeof(oline)) == NULL
105: || !X509V3_add_value("DirName", oline, &ret))
106: return NULL;
--
You are receiving this mail because:
You are on the CC list for the bug.
--
## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim
details at http://www.exim.org/ ##
