ASN1_primitive_new NULL param handling
author Matt Caswell <matt@openssl.org>
Wed, 11 Mar 2015 16:00:01 +0000 (16:00 +0000)
committer Matt Caswell <matt@openssl.org>
Thu, 12 Mar 2015 09:20:45 +0000 (09:20 +0000)
ASN1_primitive_new takes an ASN1_ITEM * param |it|. There are a couple
of conditional code paths that check whether |it| is NULL or not - but
later |it| is deref'd unconditionally. If |it| was ever really NULL then
this would seg fault. In practice ASN1_primitive_new is marked as an
internal function in the public header file. The only places it is ever
used internally always pass a non-NULL parameter for |it|. Therefore, change
the code to sanity check that |it| is not NULL, and remove the conditional
checking.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>
crypto/asn1/tasn_new.c

index d25c68c545ca1426930d216b1b290aa54686e5fd..7d2964f02307b2013af62614e632dfbd02097500 100644 (file)
@@ -315,13 +315,16 @@ int ASN1_primitive_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
     ASN1_STRING *str;
     int utype;
 
-    if (it && it->funcs) {
+    if (!it)
+        return 0;
+
+    if (it->funcs) {
         const ASN1_PRIMITIVE_FUNCS *pf = it->funcs;
         if (pf->prim_new)
             return pf->prim_new(pval, it);
     }
 
-    if (!it || (it->itype == ASN1_ITYPE_MSTRING))
+    if (it->itype == ASN1_ITYPE_MSTRING)
         utype = -1;
     else
         utype = it->utype;
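Review bot: the new `if (!it) return 0;` guard at the top of ASN1_primitive_new fails silently: it returns 0 without putting anything on the error queue and without a comment saying that a NULL |it| is a caller bug rather than an expected input. Since the commit message states that all internal callers pass a non-NULL |it|, consider a one-line comment on the guard stating that contract, and raising an ASN1 error before the return so that a caller which does reach this path gets a diagnosable failure. The removal of the `it &&` and `!it ||` tests further down is consistent with the guard, since `it->funcs`, `it->itype` and `it->utype` are now only reached with |it| non-NULL.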