ssl_lib: added pointer SSL_CONNECTION check to NULL before dereferencing it in ossl_ctrl_internal() #22470
…ing it in ossl_ctrl_internal()
@@ -2908,6 +2908,9 @@ long ossl_ctrl_internal(SSL *s, int cmd, long larg, void *parg, int no_quic) | |||
long l; | |||
SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s); | |||
|
|||
if (sc == NULL) | |||
return 0; | |||
|
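Review bot: the early `return 0;` under `if (sc == NULL)` gives the caller no way to tell a NULL or non-connection `s` from a command whose result is 0, because the function returns a plain `long` for every `cmd`. A one-line comment above the check stating what 0 means on this path, and that no error is raised, would document the contract. The placement itself, directly after the `SSL_CONNECTION_FROM_SSL(s)` initialiser, is right.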
There are a few reasons SSL_CONNECTION_FROM_SSL might resolve to NULL. Clearly if s is NULL it will. But it will also return NULL if:
OPENSSL_NO_QUIC is not defined and the ssl type is neither SSL_TYPE_SSL_CONNECTION nor SSL_TYPE_QUIC_CONNECTION
or
if OPENSSL_NO_QUIC is defined and the ssl type is not SSL_TYPE_SSL_CONNECTION
Is it worth detecting that and raising an error based on those conditions? Otherwise users will get a 0 return code and no error when what otherwise appears to be a valid ssl object is passed in.
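The cases listed in the comment above, as a simplified C model added here (not OpenSSL's code and not part of this pull request). All `model_*` and `MODEL_*` names are hypothetical, the build option is modelled as a runtime flag, and how a QUIC object maps to its connection is simplified away.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical tags; MODEL_TYPE_OTHER is a constructed "neither" kind. */
enum model_type {
    MODEL_TYPE_SSL_CONNECTION,
    MODEL_TYPE_QUIC_CONNECTION,
    MODEL_TYPE_OTHER
};
typedef struct { long value; } model_conn;              /* stands in for SSL_CONNECTION */
typedef struct { enum model_type type; model_conn conn; } model_ssl; /* stands in for SSL */

#define MODEL_CTRL_GET_VALUE 1 /* constructed command number */

/* Stand-in for SSL_CONNECTION_FROM_SSL. built_without_quic is a runtime
 * flag that models a build with OPENSSL_NO_QUIC defined. */
static model_conn *model_conn_from_ssl(model_ssl *s, int built_without_quic)
{
    if (s == NULL)
        return NULL;
    if (s->type == MODEL_TYPE_SSL_CONNECTION)
        return &s->conn;
    if (!built_without_quic && s->type == MODEL_TYPE_QUIC_CONNECTION)
        return &s->conn;
    return NULL; /* object exists but is not a connection in this build */
}

/* Ctrl entry point with the same guard shape as the check in the diff. */
static long model_ctrl(model_ssl *s, int cmd, int built_without_quic)
{
    model_conn *sc = model_conn_from_ssl(s, built_without_quic);

    if (sc == NULL)
        return 0; /* no dereference, and no error is queued */
    return cmd == MODEL_CTRL_GET_VALUE ? sc->value : 0;
}

int main(void)
{
    model_ssl quic = { MODEL_TYPE_QUIC_CONNECTION, { 7 } };
    model_ssl zero = { MODEL_TYPE_SSL_CONNECTION, { 0 } };

    printf("quic, QUIC build:    %ld\n", model_ctrl(&quic, MODEL_CTRL_GET_VALUE, 0));
    printf("quic, no-QUIC build: %ld\n", model_ctrl(&quic, MODEL_CTRL_GET_VALUE, 1));
    /* A valid connection whose value is 0 looks the same as a rejected object. */
    printf("valid, value 0:      %ld\n", model_ctrl(&zero, MODEL_CTRL_GET_VALUE, 0));
    printf("NULL:                %ld\n", model_ctrl(NULL, MODEL_CTRL_GET_VALUE, 0));
    return 0;
}
```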
I corrected the code so that the SSL pointer is checked first. If it is equal to NULL, then 0 is returned, since the SSL_CONNECTION pointer will also be NULL.
Next comes checking SSL_CONNECTION for NULL only by ssl type. The SSL_CONNECTION pointer needs to be checked, since it will be dereferenced next.
Please revert this to the original fix. In other cases we do not raise an error for these failures and IMO there is no point doing that here anyway, as these errors can happen only with severe application bugs.
Reverted to the original fix.
This pull request is ready to merge
This is also applicable to 3.2.
Merged to 3.2 and master. Thank you.
…ing it in ossl_ctrl_internal() Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from #22470)
…ing it in ossl_ctrl_internal() Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from openssl/openssl#22470) Signed-off-by: fly2x <fly2x@hitls.org>
Fixes: #22466
In ssl_lib.c added pointer SSL_CONNECTION check to NULL before dereferencing it in ossl_ctrl_internal()