Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix deref after null #17293

Closed
wants to merge 3 commits into from
Closed

Fix deref after null #17293

wants to merge 3 commits into from

Conversation

Goblenus
Copy link

ctx may be NULL at 178 line

@openssl-machine openssl-machine added the hold: cla required The contributor needs to submit a license agreement label Dec 16, 2021
Fix deref after null
9c62261 
ctx may be NULL at 178 line

CLA: trivial
@openssl-machine openssl-machine removed the hold: cla required The contributor needs to submit a license agreement label Dec 16, 2021
t8m
t8m requested changes Dec 16, 2021
View reviewed changes
providers/implementations/storemgmt/file_store.c Outdated
Comment on lines 193 to 195
file_close(ctx);
if (ctx != NULL)
file_close(ctx);

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There is actually no point in calling file_close(ctx) here. Just call free_file_ctx(ctx) which works with NULL argument.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

done

providers/implementations/storemgmt/file_store.c Outdated
Comment on lines 767 to 769
if (loaderctx == NULL)
assert(0);

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I do not think we want such assert calls. Please drop this.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

done

@t8m t8m added branch: 3.0 Merge to openssl-3.0 branch branch: master Merge to master branch cla: trivial One of the commits is marked as 'CLA: trivial' triaged: bug The issue/pr is/fixes a bug labels Dec 16, 2021
@Goblenus Goblenus requested a review from t8m December 16, 2021 14:08
t8m
t8m previously approved these changes Dec 16, 2021
View reviewed changes
Copy link
Member

@t8m t8m left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I am OK with CLA: trivial

@t8m t8m added the approval: review pending This pull request needs review by a committer label Dec 16, 2021
mattcaswell
mattcaswell reviewed Dec 16, 2021
View reviewed changes
providers/implementations/storemgmt/file_store.c Outdated
@@ -190,7 +190,7 @@ static void *file_open_dir(const char *path, const char *uri, void *provctx)
}
return ctx;
err:
file_close(ctx);
free_file_ctx(ctx);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is this really the correct behaviour? We can end up here if OPENSSL_DIR_read returns a NULL value and errno != 0. If that occurs but OPENSSL_DIR_read still populated ctx->_.dir.ctx then file_close still seems like the correct thing to do. Looking at LPdir_unix.c it seems that this could actually happen if the readdir call here returns NULL:

openssl/crypto/LPdir_unix.c

Lines 129 to 132 in dd2fcc1

direntry = readdir((*ctx)->dir);
if (direntry == NULL) {
return 0;
}

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ah, you're right.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Return file_close back?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So the correct fix is to just return NULL instead of the first goto err; in the function.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No problem. Need some time. Do my way home.

@t8m t8m self-requested a review December 16, 2021 16:38
@t8m t8m dismissed their stale review December 16, 2021 16:38

incorrect

@Goblenus
Copy link
Author

Goblenus commented Dec 17, 2021
edited

@t8m Sorry for that long delay. Can you verify it once more :) Done my best this time :)

@t8m
Copy link
Member

t8m commented Dec 17, 2021

LGTM

@Goblenus
Copy link
Author

Goblenus commented Dec 17, 2021
edited

@t8m Should I need to set "Resolved" all outdated code discussions or you'll done it by yourself?

@t8m
Copy link
Member

t8m commented Dec 17, 2021

@t8m Should I need to set "Resolved" all outdated code discussions or you'll done it by yourself?

No need for that.

@mattcaswell mattcaswell added approval: done This pull request has the required number of approvals and removed approval: review pending This pull request needs review by a committer labels Dec 17, 2021
@mattcaswell
Copy link
Member

I agree this is trivial

@openssl-machine
Copy link
Collaborator

24 hours has passed since 'approval: done' was set, but as this PR has been updated in that time the label 'approval: ready to merge' is not being automatically set. Please review the updates and set the label manually.

@paulidale
Copy link
Contributor

Merged to master and 3.0. Thanks for the fix.

@paulidale paulidale closed this Dec 19, 2021
openssl-machine pushed a commit that referenced this pull request Dec 19, 2021
@paulidale
Fix deref after null
68b78dd 
ctx may be NULL at 178 line

CLA: trivial

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from #17293)
openssl-machine pushed a commit that referenced this pull request Dec 19, 2021
@paulidale
Fix deref after null
7f2dace 
ctx may be NULL at 178 line

CLA: trivial

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from #17293)

(cherry picked from commit 68b78dd)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@t8m t8m t8m approved these changes

@mattcaswell mattcaswell mattcaswell approved these changes

@paulidale paulidale paulidale approved these changes

Assignees
No one assigned
Labels
approval: done This pull request has the required number of approvals branch: master Merge to master branch branch: 3.0 Merge to openssl-3.0 branch cla: trivial One of the commits is marked as 'CLA: trivial' triaged: bug The issue/pr is/fixes a bug
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@Goblenus @t8m @mattcaswell @openssl-machine @paulidale