Revision - eba8bf4 - Call of memcmp with null pointers in obj_cmp() – ENEA Mirror of the Software Heritage archive

Revision eba8bf485a81541ad25a685f13f00a862cc371a8 authored by Hanno Böck on 11 May 2015, 10:33:37 UTC, committed by Matt Caswell on 13 May 2015, 14:28:48 UTC

Call of memcmp with null pointers in obj_cmp()

The function obj_cmp() (file crypto/objects/obj_dat.c) can in some
situations call memcmp() with a null pointer and a zero length.

This is invalid behaviour. When compiling openssl with undefined
behaviour sanitizer (add -fsanitize=undefined to compile flags) this
can be seen. One example that triggers this behaviour is the pkcs7
command (but there are others, e.g. I've seen it with the timestamp
function):
apps/openssl pkcs7 -in test/testp7.pem

What happens is that obj_cmp takes objects of the type ASN1_OBJECT and
passes their ->data pointer to memcmp. Zero-sized ASN1_OBJECT
structures can have a null pointer as data.

RT#3816

Signed-off-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 2b8dc08b74fc3c6d4c2fc855cc23bac691d985be)

1 parent 464774d

Files
Changes

Permalinks

GitConfigure

#!/bin/sh

BRANCH=`git rev-parse --abbrev-ref HEAD`

./Configure $@ no-symlinks
make files
util/mk1mf.pl OUT=out.$BRANCH TMP=tmp.$BRANCH INC=inc.$BRANCH copy > makefile.$BRANCH
make -f makefile.$BRANCH init

Showing with 0 additions and 0 deletions (0 / 0 diffs computed)

Computing file changes ...