Check for NULL conf in NCONF_get_number

The problematic case falls back to a NULL conf which returns the result
of getenv(2).  If this returns NULL, everything was good.  If this returns
a string an attempt to convert it to a number is made using the function
pointers from conf.

This fix uses the strtol(3) function instead, we don't have the
configuration settings and this behaves as the default would.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6632)

1 files changed, 7 insertions, 4 deletions

diff --git a/crypto/conf/conf_lib.c b/crypto/conf/conf_lib.c
index c72511ba67..5f976f35c4 100644
--- a/crypto/conf/conf_lib.c
+++ b/crypto/conf/conf_lib.c
@@ -292,10 +292,13 @@ int NCONF_get_number_e(const CONF *conf, const char *group, const char *name,
     if (str == NULL)
         return 0;
 
-    for (*result = 0; conf->meth->is_number(conf, *str);) {
-        *result = (*result) * 10 + conf->meth->to_int(conf, *str);
-        str++;
-    }
+    if (conf == NULL)
+        *result = strtol(str, &str, 10);
+    else
+        for (*result = 0; conf->meth->is_number(conf, *str);) {
+            *result = (*result) * 10 + conf->meth->to_int(conf, *str);
+            str++;
+        }
 
     return 1;
 }