Skip to content

More NULL dereferences in x509asn1.c #13978

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

More NULL dereferences in x509asn1.c #13978

wants to merge 1 commit into from

Conversation

z2-2z
Copy link
Contributor

@z2-2z z2-2z commented Jun 20, 2024
edited
Loading

Hello,

in #13972 you fixed a possible NULL dereference in the ASN1tostr() function.
The root cause was that when converting a Curl_asn1Element with length = 0 to a string,
the dynbuf temp in ASN1tostr() does not get initialized through
one path of the ASN1tostr() function such that Curl_dyn_ptr(&temp) then returns NULL.

Unfortunately there are at least 4 more paths through ASN1tostr() and its helper functions that lead to the same
outcome, involving the functions:

  • utf8asn1str()
  • octet2str()
  • OID2str()

This PR tries to fix the NULL derefs in one place instead of all the helper functions above.

For reference, I attached all 4 certificates that cause a NULL dereference:
crash-ecf257c87027696ed7f041bb764e0028adb95408
crash-26e2227eeeac47626b14bedfa6793b7c85223fca
crash-da35663a566f4c1ccd929bb658b64e2ab925cd07
crash-fddfc08fd1b21a188f99692c8aaf85fdc560ef5d

@github-actions github-actions bot added the TLS label Jun 20, 2024
@bagder bagder closed this in 36e9222 Jun 22, 2024
@bagder
Copy link
Member

bagder commented Jun 22, 2024

Thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bagder bagder bagder approved these changes

Assignees
No one assigned
Labels
TLS
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@z2-2z @bagder