Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Missing check on input arguments (NULL dereference) #2038

Closed
ManSoSec opened this issue Jan 17, 2019 · 1 comment
Closed

Missing check on input arguments (NULL dereference) #2038

ManSoSec opened this issue Jan 17, 2019 · 1 comment
Assignees
@ejohnstown

Comments

@ManSoSec
Copy link

ManSoSec commented Jan 17, 2019
edited

I noticed this missing argument check here (in HashOutput)
https://github.com/wolfSSL/wolfssl/blob/master/src/internal.c#L6477

While it is done in 2 functions (HashInput and HashOutputRaw) here:
https://github.com/wolfSSL/wolfssl/blob/master/src/internal.c#L6431
https://github.com/wolfSSL/wolfssl/blob/master/src/internal.c#L6550

if (ssl->hsHashes == NULL)
return BAD_FUNC_ARG;

I can send a pull request.
@ejohnstown
Copy link
Contributor

Thank you for bringing this to our attention. I'll go ahead and fix this and the other two issues.

ejohnstown added a commit to ejohnstown/wolfssl that referenced this issue Jan 17, 2019
@ejohnstown
Fix Checks
f6240e5 
1. In the client, check the return code on wolfSSL_CTX_SetMinDhKey_Sz() as it is checked in the server. (Resolves issue wolfSSL#2037.)
2. In HashOutput(), check that the hsHashes exists for the session before hashing. (Resolves issue wolfSSL#2038.)
@ejohnstown ejohnstown mentioned this issue Jan 17, 2019
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@ejohnstown ejohnstown

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@ejohnstown @ManSoSec