diff options
| author | Radek Krejci <radek.krejci@oracle.com> | 2024-03-21 13:19:23 +0100 |
|---|---|---|
| committer | Tomas Mraz <tomas@openssl.org> | 2024-07-08 21:56:19 +0200 |
| commit | 188fadc00a35434c4f7dab244af80744c5373222 (patch) | |
| tree | a25fc87495961413d32ecb0b697960844c9c392b | |
| parent | f6cab2ef9bd90e4769aecf21ee63b24856851f35 (diff) | |
| download | openssl-188fadc00a35434c4f7dab244af80744c5373222.zip openssl-188fadc00a35434c4f7dab244af80744c5373222.tar.gz openssl-188fadc00a35434c4f7dab244af80744c5373222.tar.bz2 | |
Avoid NULL pointer dereference
Function readbuffer_gets() misses some of the initial checks of its
arguments. Not checking them can lead to a later NULL pointer
dereferences.
The checks are now unified with the checks in readbuffer_read()
function.
CLA: trivial
Fixes #23915
Signed-off-by: Radek Krejci <radek.krejci@oracle.com>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23918)
(cherry picked from commit c215d75f94fcaa598817e739221f33b71b53fb39)
| -rw-r--r-- | crypto/bio/bf_readbuff.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/crypto/bio/bf_readbuff.c b/crypto/bio/bf_readbuff.c index 135ccef..62490b9 100644 --- a/crypto/bio/bf_readbuff.c +++ b/crypto/bio/bf_readbuff.c @@ -222,10 +222,13 @@ static int readbuffer_gets(BIO *b, char *buf, int size) char *p; int i, j; - if (size == 0) + if (buf == NULL || size == 0) return 0; --size; /* the passed in size includes the terminator - so remove it here */ ctx = (BIO_F_BUFFER_CTX *)b->ptr; + + if (ctx == NULL || b->next_bio == NULL) + return 0; BIO_clear_retry_flags(b); /* If data is already buffered then use this first */ |