More NULL dereferences in x509asn1.c#13978
Closed
z2-2z wants to merge 1 commit intocurl:masterfrom
z2-2z:master
Closed
More NULL dereferences in x509asn1.c#13978z2-2z wants to merge 1 commit intocurl:masterfrom z2-2z:master
z2-2z wants to merge 1 commit intocurl:masterfrom
z2-2z:master
Conversation
bagder
approved these changes
Jun 20, 2024
Member
|
Thanks! |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Hello,
in #13972 you fixed a possible NULL dereference in the
ASN1tostr()function.The root cause was that when converting a
Curl_asn1Elementwith length = 0 to a string,the dynbuf
tempinASN1tostr()does not get initialized throughone path of the
ASN1tostr()function such thatCurl_dyn_ptr(&temp)then returns NULL.Unfortunately there are at least 4 more paths through
ASN1tostr()and its helper functions that lead to the sameoutcome, involving the functions:
utf8asn1str()octet2str()OID2str()This PR tries to fix the NULL derefs in one place instead of all the helper functions above.
For reference, I attached all 4 certificates that cause a NULL dereference:
crash-ecf257c87027696ed7f041bb764e0028adb95408
crash-26e2227eeeac47626b14bedfa6793b7c85223fca
crash-da35663a566f4c1ccd929bb658b64e2ab925cd07
crash-fddfc08fd1b21a188f99692c8aaf85fdc560ef5d