possible NULL ptr bug of openssl 1.0.0 stable 20091026

View: New views

2 Messages — Rating Filter: Alert me

possible NULL ptr bug of openssl 1.0.0 stable 20091026

by Zhongxing Xu :: Rate this Message:

Reply to Author | View Threaded | Show Only this Message

openssl-1.0.0-stable-SNAP-20091026/ssl/t1_lib.c:657

case TLSEXT_NAMETYPE_host_name:
if (s->session->tlsext_hostname == NULL)
{
if (len > TLSEXT_MAXLEN_host_name ||
((s->session->tlsext_hostname = OPENSSL_malloc(len+1)) == NULL))
{
*al = TLS1_AD_UNRECOGNIZED_NAME;
return 0;
}
memcpy(s->session->tlsext_hostname, sdata, len);

s->session->tlsext_hostname might be NULL. memcpy() cannot take NULL
as dest pointer.

-Zhongxing Xu
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@...
Automated List Manager majordomo@...

Re: possible NULL ptr bug of openssl 1.0.0 stable 20091026

by Peter Sylvester-3 :: Rate this Message:

Reply to Author | View Threaded | Show Only this Message

Zhongxing Xu wrote:

> openssl-1.0.0-stable-SNAP-20091026/ssl/t1_lib.c:657
>
> case TLSEXT_NAMETYPE_host_name:
> if (s->session->tlsext_hostname == NULL)
> {
> if (len > TLSEXT_MAXLEN_host_name ||
> ((s->session->tlsext_hostname = OPENSSL_malloc(len+1)) == NULL))
> {
> *al = TLS1_AD_UNRECOGNIZED_NAME;
> return 0;
> }
> memcpy(s->session->tlsext_hostname, sdata, len);
>
> s->session->tlsext_hostname might be NULL. memcpy() cannot take NULL
> as dest pointer.
>

The malloc above is tested? Did I overlook something?

> -Zhongxing Xu
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> Development Mailing List openssl-dev@...
> Automated List Manager majordomo@...
>

______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@...
Automated List Manager majordomo@...