Avoid potential NULL dereference in ssl_set_pkey()

Switch from X509_get_pubkey() to X509_get0_pubkey() to avoid an unnecessary EVP_PKEY_free(). Check the return values of X509_get0_pubkey() and EVP_PKEY_copy_parameters(). If the former returns NULL, the latter will dereference NULL. CID 25020 ok jsing
author: tb <> 2022-08-31 06:51:36 +0000
committer: tb <> 2022-08-31 06:51:36 +0000
commit: 7e8f0de8850e4d835fd9bc12ef540caeef22e9ad (patch)
tree: 8c27b4bae0e0bb41c0cc7efb21a67b73e4203d2e
parent: f757c531be5c74165c427b06da2503bf8a861c1b (diff)
download: openbsd-7e8f0de8850e4d835fd9bc12ef540caeef22e9ad.tar.gz
openbsd-7e8f0de8850e4d835fd9bc12ef540caeef22e9ad.tar.bz2
openbsd-7e8f0de8850e4d835fd9bc12ef540caeef22e9ad.zip
1 files changed, 9 insertions, 5 deletions
diff --git a/src/lib/libssl/ssl_rsa.c b/src/lib/libssl/ssl_rsa.c
index 192dc4291e..98c1e1b7b3 100644
--- a/src/lib/libssl/ssl_rsa.c
+++ b/src/lib/libssl/ssl_rsa.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_rsa.c,v 1.45 2022/06/30 09:08:35 tb Exp $ */
+/* $OpenBSD: ssl_rsa.c,v 1.46 2022/08/31 06:51:36 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -184,9 +184,13 @@ ssl_set_pkey(SSL_CTX *ctx, SSL *ssl, EVP_PKEY *pkey)
        if (c->pkeys[i].x509 != NULL) {
                EVP_PKEY *pktmp;
-                pktmp = X509_get_pubkey(c->pkeys[i].x509);
-                EVP_PKEY_copy_parameters(pktmp, pkey);
+                if ((pktmp = X509_get0_pubkey(c->pkeys[i].x509)) == NULL)
-                EVP_PKEY_free(pktmp);
+                        return 0;
+                if (!EVP_PKEY_copy_parameters(pktmp, pkey))
+                        return 0;
                ERR_clear_error();
                /*
@@ -209,7 +213,7 @@ ssl_set_pkey(SSL_CTX *ctx, SSL *ssl, EVP_PKEY *pkey)
        c->key = &(c->pkeys[i]);
        c->valid = 0;
-        return (1);
+        return 1;
 }
 int
author	tb <>	2022-08-31 06:51:36 +0000
committer	tb <>	2022-08-31 06:51:36 +0000
commit	7e8f0de8850e4d835fd9bc12ef540caeef22e9ad (patch)
tree	8c27b4bae0e0bb41c0cc7efb21a67b73e4203d2e
parent	f757c531be5c74165c427b06da2503bf8a861c1b (diff)
download	openbsd-7e8f0de8850e4d835fd9bc12ef540caeef22e9ad.tar.gz openbsd-7e8f0de8850e4d835fd9bc12ef540caeef22e9ad.tar.bz2 openbsd-7e8f0de8850e4d835fd9bc12ef540caeef22e9ad.zip

diff --git a/src/lib/libssl/ssl_rsa.c b/src/lib/libssl/ssl_rsa.c index 192dc4291e..98c1e1b7b3 100644 --- a/src/lib/libssl/ssl_rsa.c +++ b/src/lib/libssl/ssl_rsa.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_rsa.c,v 1.45 2022/06/30 09:08:35 tb Exp $ */	1	/* $OpenBSD: ssl_rsa.c,v 1.46 2022/08/31 06:51:36 tb Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -184,9 +184,13 @@ ssl_set_pkey(SSL_CTX ctx, SSL ssl, EVP_PKEY *pkey)
184		184
185	if (c->pkeys[i].x509 != NULL) {	185	if (c->pkeys[i].x509 != NULL) {
186	EVP_PKEY *pktmp;	186	EVP_PKEY *pktmp;
187	pktmp = X509_get_pubkey(c->pkeys[i].x509);	187
188	EVP_PKEY_copy_parameters(pktmp, pkey);	188	if ((pktmp = X509_get0_pubkey(c->pkeys[i].x509)) == NULL)
189	EVP_PKEY_free(pktmp);	189	return 0;
		190
		191	if (!EVP_PKEY_copy_parameters(pktmp, pkey))
		192	return 0;
		193
190	ERR_clear_error();	194	ERR_clear_error();
191		195
192	/*	196	/*
@@ -209,7 +213,7 @@ ssl_set_pkey(SSL_CTX ctx, SSL ssl, EVP_PKEY *pkey)
209	c->key = &(c->pkeys[i]);	213	c->key = &(c->pkeys[i]);
210		214
211	c->valid = 0;	215	c->valid = 0;
212	return (1);	216	return 1;
213	}	217	}
214		218
215	int	219	int