From: Pauli Date: Mon, 6 Apr 2020 01:53:10 +0000 (+1000) Subject: params: avoid a core dump with a null pointer and a get string call X-Git-Tag: openssl-3.0.0-alpha1~146 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=86f32187c31fcff88253fcead04196563c04be09;p=oweals%2Fopenssl.git params: avoid a core dump with a null pointer and a get string call Previous a get string (UTF8 or octet) params call would memcpy(2) from a NULL pointer if the OSSL_PARAM didn't have its data field set. This change makes the operation fail rather than core dump and it returns to param size (if set). Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/11474) --- diff --git a/crypto/params.c b/crypto/params.c index 5d1fc6a6f2..64d53c50e3 100644 --- a/crypto/params.c +++ b/crypto/params.c @@ -778,6 +778,8 @@ static int get_string_internal(const OSSL_PARAM *p, void **val, size_t max_len, if (sz == 0) return 1; + if (p->data == NULL) + return 0; if (*val == NULL) { char *const q = OPENSSL_malloc(sz);