Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Curl_failf may cause NULL access crash #15485

Closed
wxiaoguang opened this issue Nov 5, 2024 · 0 comments
Closed

Curl_failf may cause NULL access crash #15485

wxiaoguang opened this issue Nov 5, 2024 · 0 comments

Comments

@wxiaoguang
Copy link

wxiaoguang commented Nov 5, 2024

steps

Curl_failf does: if(data->set.verbose || data->set.errorbuffer)

There is a call path to pass NULL data to it:

Curl_socketpair -> Curl_rand(NULL) -> Curl_rand_bytes(NULL) -> randit(NULL) -> Curl_ssl_random(NULL) -> mbedtls_random(NULL) -> failf(NULL)

(if anything error happens in mbedtls_random)

curl/libcurl version

many versions including master branch

bagder added a commit that referenced this issue Nov 5, 2024
Since data can be NULL in here, calling failf() can be bad. Since should
also be a terribly rare error so the lack of error message for this
should be managable.

Reported-by: wxiaoguang on github
Fixes #15485
@bagder bagder closed this as completed in e1ed6b8 Nov 5, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Development

Successfully merging a pull request may close this issue.

1 participant