File openssl-0002-evp_pkey_asn1_find_str.patch of Package openssl-3
Description: Fix CWE-476 (NULL Pointer Dereference) in evp_pkey_asn1_find_str
Issue: The function evp_pkey_asn1_get0 can return NULL if the index is invalid. The pointer 'ameth' is dereferenced immediately to check 'pkey_flags' without validating if it is NULL.
Index: openssl-3.6.0/crypto/asn1/ameth_lib.c
===================================================================
--- openssl-3.6.0.orig/crypto/asn1/ameth_lib.c
+++ openssl-3.6.0/crypto/asn1/ameth_lib.c
@@ -132,7 +132,7 @@ const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn
}
for (i = EVP_PKEY_asn1_get_count(); i-- > 0; ) {
ameth = EVP_PKEY_asn1_get0(i);
- if (ameth->pkey_flags & ASN1_PKEY_ALIAS)
+ if (ameth && (ameth->pkey_flags & ASN1_PKEY_ALIAS))
continue;
if ((int)strlen(ameth->pem_str) == len
&& OPENSSL_strncasecmp(ameth->pem_str, str, len) == 0)
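Review bot: The new condition `if (ameth && (ameth->pkey_flags & ASN1_PKEY_ALIAS))` is false when `ameth` is NULL, so the loop does not `continue`, and the `strlen(ameth->pem_str)` two lines below dereferences the same NULL pointer. The NULL dereference named in the patch description is moved one statement down rather than removed. The guard should skip the entry instead: `if (ameth == NULL || (ameth->pkey_flags & ASN1_PKEY_ALIAS))`, followed by the existing `continue;`. Whether `EVP_PKEY_asn1_get0(i)` can return NULL for an index below `EVP_PKEY_asn1_get_count()` is not visible in this hunk, so it is worth confirming that case is reachable and covering it with a regression test. The enclosing function starts and ends outside the hunk.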