authorZhou Qingyang <zhou1615@umn.edu>2022-04-11 18:25:26 +0200
committerTomas Mraz <tomas@openssl.org>2022-04-21 08:09:39 +0200
commit4d50a5467b0a208c61d163239a3544bae06343ea (patch)
treee55fe1479fb9836d16c041610b3e48c714ef2a0f /apps
parentFix small typo in X509v3_get_ext_by_NID() man page (diff)
Fix wild pointer dereference in make_ocsp_response()
The function OCSP_basic_add1_status() returns NULL on malloc failure. However, the return value is not checked before being passed to OCSP_SINGLERESP_add1_ext_i2d(), and there is a wild field pointer, which could lead to a wild pointer dereference. Fix this by adding a return value check. Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18081)
Diffstat (limited to 'apps')
-rw-r--r--apps/ocsp.c5
1 files changed, 5 insertions, 0 deletions
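--- a/apps/ocsp.c
+++ b/apps/ocsp.c
@@ -1119,6 +1119,11 @@ static void make_ocsp_response(BIO *err, OCSP_RESPONSE **resp, OCSP_REQUEST *req
 single = OCSP_basic_add1_status(bs, cid,
 V_OCSP_CERTSTATUS_REVOKED,
 reason, revtm, thisupd, nextupd);
+ if (single == NULL) {
+ *resp = OCSP_response_create(OCSP_RESPONSE_STATUS_INTERNALERROR,
+ NULL);
+ goto end;
+ }
 if (invtm != NULL)
 OCSP_SINGLERESP_add1_ext_i2d(single, NID_invalidity_date,
 invtm, 0, 0);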
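Review bot: The new guard covers the NULL status entry, but the very next call, `OCSP_SINGLERESP_add1_ext_i2d(single, NID_invalidity_date, invtm, 0, 0)`, still discards its return value, so an allocation failure there produces a revoked response that silently omits the invalidity-date extension rather than the INTERNALERROR the new branch reports. The same treatment would be `if (OCSP_SINGLERESP_add1_ext_i2d(single, NID_invalidity_date, invtm, 0, 0) <= 0)` followed by the identical `*resp = OCSP_response_create(OCSP_RESPONSE_STATUS_INTERNALERROR, NULL); goto end;` block. Note also that `OCSP_response_create()` can itself return NULL on allocation failure, so after the added branch `*resp` may be NULL; whether the `end` label and the caller cope with that is not visible here. The other status cases in this function presumably call `OCSP_basic_add1_status()` too and, if their results are used, would want the same check. make_ocsp_response() begins and ends outside this hunk.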