Overview

File openssl-0003-mime_hdr_addparam.patch of Package openssl-3

Description: Fix CWE-476 (NULL Pointer Dereference) in mime_hdr_addparam
Issue: The 'mhdr' pointer is dereferenced (mhdr->params) inside sk_MIME_PARAM_push, but static analysis indicates a path where 'mhdr' could be NULL when passed from mime_parse_hdr.

Index: openssl-3.6.0/crypto/asn1/asn_mime.c
===================================================================
--- openssl-3.6.0.orig/crypto/asn1/asn_mime.c
+++ openssl-3.6.0/crypto/asn1/asn_mime.c
@@ -934,6 +934,8 @@ static int mime_hdr_addparam(MIME_HEADER
     char *tmpname = NULL, *tmpval = NULL, *p;
     MIME_PARAM *mparam = NULL;
 
+    if (mhdr == NULL)
+        return 0;
     if (name) {
         tmpname = OPENSSL_strdup(name);
         if (!tmpname)
openSUSE Build Service is sponsored by
Places