drbg_lib: avoid NULL pointer dereference in drbg_add #7511

Closed

@mspncp mspncp commented Oct 28, 2018

Found by Coverity Scan

*** CID 1440764:  Null pointer dereferences  (REVERSE_INULL)
/crypto/rand/drbg_lib.c: 1091 in drbg_add()
1085     {
1086         int ret = 0;
1087         RAND_DRBG *drbg = RAND_DRBG_get0_master();
1088         size_t buflen;
1089         size_t seedlen = rand_drbg_seedlen(drbg);
1090     
>>>     CID 1440764:  Null pointer dereferences  (REVERSE_INULL)
>>>     Null-checking "drbg" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
1091         if (drbg == NULL)
1092             return 0;
1093     
1094         if (num < 0 || randomness < 0.0)
1095             return 0;
1096     
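
The ordering problem in the Coverity report above, as a stand-alone C program. This is an added example, not code from the pull request or from OpenSSL; the `toy_` names, the struct and the `master_available` switch are assumptions made for illustration.

```c
/* Added illustration; every name here is hypothetical, not OpenSSL's API. */
#include <stddef.h>
#include <stdio.h>
typedef struct { size_t min_entropylen; size_t min_noncelen; } toy_drbg;
static toy_drbg master = { 32, 16 };
static int master_available = 1;   /* 0 simulates failed initialisation */

/* May return NULL, as a getter for a lazily created object can. */
static toy_drbg *toy_get_master(void)
{
    return master_available ? &master : NULL;
}

/* Dereferences its argument unconditionally. */
static size_t toy_seedlen(const toy_drbg *d)
{
    return d->min_entropylen + d->min_noncelen;
}

/* Flagged ordering (REVERSE_INULL): d is dereferenced before the NULL test. */
int toy_add_flagged(int num, double randomness)
{
    toy_drbg *d = toy_get_master();
    size_t seedlen = toy_seedlen(d);   /* dereference happens here */
    if (d == NULL)                     /* too late to protect the line above */
        return 0;
    if (num < 0 || randomness < 0.0)
        return 0;
    return seedlen > 0;
}

/* Corrected ordering: validate the pointer, then derive values from it. */
int toy_add_checked(int num, double randomness)
{
    toy_drbg *d = toy_get_master();
    size_t seedlen;
    if (d == NULL)
        return 0;
    if (num < 0 || randomness < 0.0)
        return 0;
    seedlen = toy_seedlen(d);
    return seedlen > 0;
}

int main(void)
{
    master_available = 0;              /* only the checked variant is safe now */
    printf("checked, no master: %d\n", toy_add_checked(16, 128.0));
    return 0;
}
```

Because dereferencing a null pointer is undefined behaviour, a compiler is also allowed to drop the late check in the flagged variant altogether.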

@mspncp mspncp added the labels branch: master (Merge to master branch), approval: review pending (This pull request needs review by a committer) and branch: 1.1.1 (Merge to OpenSSL_1_1_1-stable branch) Oct 28, 2018
@mspncp mspncp added this to the 1.1.1a milestone Oct 28, 2018
@levitte levitte added the label approval: done (This pull request has the required number of approvals) and removed the label approval: review pending (This pull request needs review by a committer) Oct 28, 2018
levitte pushed a commit that referenced this pull request Oct 28, 2018
Found by Coverity Scan

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from #7511)

(cherry picked from commit 59f9055)
levitte pushed a commit that referenced this pull request Oct 28, 2018
Found by Coverity Scan

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from #7511)

mspncp commented Oct 28, 2018

Merged to master and 1.1.1, thanks!

@mspncp mspncp closed this Oct 28, 2018
@mspncp mspncp deleted the pr-drbg_lib-fix-coverity-warning branch October 28, 2018 18:22