Potential NULL dereference #10404

ManSoSec · 2019-11-10T18:38:51Z

Most of the functions that receive EVP_PKEY have a null check on pkey argument, like:

openssl/crypto/evp/p_lib.c

Line 41 in 1903a9b

if (pkey == NULL)

openssl/crypto/evp/p_lib.c

Line 50 in 1903a9b

if (pkey && pkey->ameth && pkey->ameth->pkey_size)

While a null check is missed in EVP_PKEY_missing_parameters:

openssl/crypto/evp/p_lib.c

Lines 106 to 108 in 1903a9b

    
           int EVP_PKEY_missing_parameters(const EVP_PKEY *pkey) 
        
           { 
        
               if (pkey->ameth && pkey->ameth->param_missing)

We noticed it is possible the input of this function might be null. For example X509_get0_pubkey might return null:

openssl/apps/ca.c

Lines 1917 to 1918 in 5388f98

    
           pktmp = X509_get0_pubkey(ret); 
        
           if (EVP_PKEY_missing_parameters(pktmp) &&

We believe there should be a null check on pkey in EVP_PKEY_missing_parameters function, otherwise, there will be a NULL dereference.

Thanks!

The text was updated successfully, but these errors were encountered:

ManSoSec added the issue: bug report The issue was opened to report a bug label Nov 10, 2019

mattcaswell added triaged: bug The issue/pr is/fixes a bug and removed issue: bug report The issue was opened to report a bug labels Nov 12, 2019

paulidale mentioned this issue Nov 20, 2019

EVP p_lib: Add NULL check to EVP_PKEY_missing_parameters. #10474

Closed

paulidale closed this as completed Nov 21, 2019

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Potential NULL dereference #10404

Potential NULL dereference #10404

ManSoSec commented Nov 10, 2019 •

edited

Potential NULL dereference #10404

Potential NULL dereference #10404

Comments

ManSoSec commented Nov 10, 2019 • edited

ManSoSec commented Nov 10, 2019 •

edited