From 86f32187c31fcff88253fcead04196563c04be09 Mon Sep 17 00:00:00 2001 From: Pauli Date: Mon, 6 Apr 2020 11:53:10 +1000 Subject: [PATCH] params: avoid a core dump with a null pointer and a get string call Previous a get string (UTF8 or octet) params call would memcpy(2) from a NULL pointer if the OSSL_PARAM didn't have its data field set. This change makes the operation fail rather than core dump and it returns to param size (if set). Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/11474) --- crypto/params.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/crypto/params.c b/crypto/params.c index 5d1fc6a6f2..64d53c50e3 100644 --- a/crypto/params.c +++ b/crypto/params.c @@ -778,6 +778,8 @@ static int get_string_internal(const OSSL_PARAM *p, void **val, size_t max_len, if (sz == 0) return 1; + if (p->data == NULL) + return 0; if (*val == NULL) { char *const q = OPENSSL_malloc(sz); -- 2.25.1