From e6dcb08984b2e3f765ab5a2f45aaf0a8cc263bba Mon Sep 17 00:00:00 2001
From: Matt Caswell <matt@openssl.org>
Date: Wed, 11 Mar 2015 16:00:01 +0000
Subject: [PATCH] ASN1_primitive_new NULL param handling

ASN1_primitive_new takes an ASN1_ITEM * param |it|. There are a couple
of conditional code paths that check whether |it| is NULL or not - but
later |it| is deref'd unconditionally. If |it| was ever really NULL then
this would seg fault. In practice ASN1_primitive_new is marked as an
internal function in the public header file. The only places it is ever
used internally always pass a non NULL parameter for |it|. Therefore, change
the code to sanity check that |it| is not NULL, and remove the conditional
checking.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>
(cherry picked from commit 9e488fd6ab2c295941e91a47ab7bcd346b7540c7)
---
 crypto/asn1/tasn_new.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/crypto/asn1/tasn_new.c b/crypto/asn1/tasn_new.c
index d25c68c545..7d2964f023 100644
--- a/crypto/asn1/tasn_new.c
+++ b/crypto/asn1/tasn_new.c
@@ -315,13 +315,16 @@ int ASN1_primitive_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
     ASN1_STRING *str;
     int utype;
 
-    if (it && it->funcs) {
+    if (!it)
+        return 0;
+
+    if (it->funcs) {
         const ASN1_PRIMITIVE_FUNCS *pf = it->funcs;
         if (pf->prim_new)
             return pf->prim_new(pval, it);
     }
 
-    if (!it || (it->itype == ASN1_ITYPE_MSTRING))
+    if (it->itype == ASN1_ITYPE_MSTRING)
         utype = -1;
     else
         utype = it->utype;
-- 
2.25.1