Fix incomplete error check on ASN1_item_i2d() #20251
According to the documentation and my analysis tool ASN1_item_i2d() can return a negative value on error, but this is not checked. Fix it by changing the error check condition. CLA: trivial
Not sure if there is a way to test this easily. -1 gets returned on malloc failures, but also for bad tags.
OK with CLA: trivial
@paulidale assuming you're OK with CLA: trivial too.
24 hours has passed since 'approval: done' was set, but this PR has failing CI tests. Once the tests pass it will get moved to 'approval: ready to merge' automatically, alternatively please review and set the label manually.
The CI failure does not seem relevant.
Yes to trivial. Thanks for the contribution.
According to the documentation and my analysis tool ASN1_item_i2d() can return a negative value on error, but this is not checked. Fix it by changing the error check condition. CLA: trivial Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from #20251) (cherry picked from commit 5df5032)
According to the documentation and my analysis tool ASN1_item_i2d() can return a negative value on error, but this is not checked. Fix it by changing the error check condition. CLA: trivial Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from #20251)
Please note that I found this using a static analysis tool I am developing at the moment. It could therefore be a false positive bug. I manually reviewed the case to be extra sure that it is a real bug.
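The return-value convention discussed in this thread, as an added example that is not code from this pull request or from OpenSSL: an encoder that returns a length on success and -1 on error, called once with a zero-only check and once with a non-positive check. `toy_i2d`, `toy_string`, `pack_weak` and `pack_strict` are hypothetical names, and the `== 0` form of the original condition is an assumption, since the diff is not shown on this page.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for an i2d-style encoder (not OpenSSL code):
 * returns the encoded length, or -1 on a bad tag or allocation failure. */
static int toy_i2d(int tag, const unsigned char *val, int vlen, unsigned char **out)
{
    if (tag < 0 || tag > 30 || vlen < 0 || vlen > 127)
        return -1;
    unsigned char *buf = malloc((size_t)vlen + 2);
    if (buf == NULL)
        return -1;
    buf[0] = (unsigned char)tag;
    buf[1] = (unsigned char)vlen;
    memcpy(buf + 2, val, (size_t)vlen);
    *out = buf;
    return vlen + 2;
}

struct toy_string { int length; unsigned char *data; };

/* Assumed "before" shape: only 0 counts as failure, so -1 slips through. */
static int pack_weak(struct toy_string *s, int tag, const unsigned char *v, int n)
{
    s->data = NULL;
    return (s->length = toy_i2d(tag, v, n, &s->data)) == 0 ? 0 : 1;
}

/* Complete check: any non-positive return is treated as failure. */
static int pack_strict(struct toy_string *s, int tag, const unsigned char *v, int n)
{
    s->data = NULL;
    if ((s->length = toy_i2d(tag, v, n, &s->data)) <= 0) {
        s->length = 0;
        return 0;
    }
    return 1;
}

int main(void)
{
    const unsigned char v[] = { 1, 2, 3 };   /* constructed sample value */
    struct toy_string s;
    int ok = pack_weak(&s, 99, v, 3);        /* tag 99 is rejected by toy_i2d */
    printf("weak:   ok=%d length=%d as size_t=%zu\n", ok, s.length, (size_t)s.length);
    ok = pack_strict(&s, 99, v, 3);
    printf("strict: ok=%d length=%d\n", ok, s.length);
    return 0;
}
```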