Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Unchecked EVP_MD_CTX_new() return value in OCSP_basic_sign() #6973

Closed
Jason2031 opened this issue Aug 16, 2018 · 1 comment
Closed

Unchecked EVP_MD_CTX_new() return value in OCSP_basic_sign() #6973

Jason2031 opened this issue Aug 16, 2018 · 1 comment
Labels
branch: master Merge to master branch branch: 1.1.1 Merge to OpenSSL_1_1_1-stable branch
Milestone
Assessed

Comments

@Jason2031
Copy link
Contributor

Function EVP_MD_CTX_new() returns a NULL pointer if there is no enough memory. To avoid potential NULL dereference, its return value should be checked against NULL. However, in function OCSP_basic_sign(), its return value is directly used without NULL check. This may result in a NULL dereference bug. Codes related to this bug are as follow:

int OCSP_basic_sign(OCSP_BASICRESP *brsp,
                    X509 *signer, EVP_PKEY *key, const EVP_MD *dgst,
                    STACK_OF(X509) *certs, unsigned long flags)
{
    EVP_MD_CTX *ctx = EVP_MD_CTX_new();
    EVP_PKEY_CTX *pkctx = NULL;
    int i;

    if (!EVP_DigestSignInit(ctx, &pkctx, dgst, NULL, key)) {
        EVP_MD_CTX_free(ctx);
        return 0;
    }
    i = OCSP_basic_sign_ctx(brsp, signer, ctx, certs, flags);
    EVP_MD_CTX_free(ctx);
    return i;
}

Function EVP_DigestSignInit() use ctx without checking if it is non-NULL.
Jason2031 added a commit to Jason2031/openssl that referenced this issue Aug 16, 2018
@Jason2031
crypto/ocsp/ocsp_srv.c: add missing check for EVP_MD_CTX_new()
c4b68b5 
Function EVP_MD_CTX_new() may return NULL on failure, add nptr checking.
Fixes openssl#6973
@Jason2031 Jason2031 mentioned this issue Aug 16, 2018
Closed
@mattcaswell mattcaswell added this to the Assessed milestone Aug 20, 2018
@levitte levitte added branch: master Merge to master branch branch: 1.1.1 Merge to OpenSSL_1_1_1-stable branch labels Aug 23, 2018
@paulidale paulidale mentioned this issue Sep 2, 2018
Closed
@paulidale
Copy link
Contributor

Fixed by #7087

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
branch: master Merge to master branch branch: 1.1.1 Merge to OpenSSL_1_1_1-stable branch
Projects
None yet
Milestone
Assessed
Development

No branches or pull requests
4 participants
@levitte @mattcaswell @Jason2031 @paulidale