params: avoid a core dump with a null pointer and a get string call

Previous a get string (UTF8 or octet) params call would memcpy(2) from a NULL pointer if the OSSL_PARAM didn't have its data field set. This change makes the operation fail rather than core dump and it returns to param size (if set). Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11474)
author: Pauli <paul.dale@oracle.com> 2020-04-06 03:53:10 +0200
committer: Pauli <paul.dale@oracle.com> 2020-04-08 01:14:17 +0200
commit: 86f32187c31fcff88253fcead04196563c04be09 (patch)
tree: 7e0606ceb494a23dbbef7729afc6cf3e9eed26f6 /crypto/params.c
parent: [crypto/ec] blind coordinates in ec_wNAF_mul for robustness (diff)
download: openssl-86f32187c31fcff88253fcead04196563c04be09.tar.xz
openssl-86f32187c31fcff88253fcead04196563c04be09.zip
1 files changed, 2 insertions, 0 deletions
diff --git a/crypto/params.c b/crypto/params.c
index 5d1fc6a6f2..64d53c50e3 100644
--- a/crypto/params.c
+++ b/crypto/params.c
@@ -778,6 +778,8 @@ static int get_string_internal(const OSSL_PARAM *p, void **val, size_t max_len,
 
     if (sz == 0)
         return 1;
+    if (p->data == NULL)
+        return 0;
 
     if (*val == NULL) {
         char *const q = OPENSSL_malloc(sz);
author	Pauli <paul.dale@oracle.com>	2020-04-06 03:53:10 +0200
committer	Pauli <paul.dale@oracle.com>	2020-04-08 01:14:17 +0200
commit	86f32187c31fcff88253fcead04196563c04be09 (patch)
tree	7e0606ceb494a23dbbef7729afc6cf3e9eed26f6 /crypto/params.c
parent	[crypto/ec] blind coordinates in ec_wNAF_mul for robustness (diff)
download	openssl-86f32187c31fcff88253fcead04196563c04be09.tar.xz openssl-86f32187c31fcff88253fcead04196563c04be09.zip