File openssl-0007-ossl_cmp_certresponse_get1_cert.patch of Package openssl-3

Description: Fix CWE-476 (NULL Pointer Dereference) in ossl_cmp_certresponse_get1_cert
Issue: The variable 'crep' is dereferenced to access 'certifiedKeyPair', but a later assertion check implies 'crep' might be NULL.

Index: openssl-3.6.0/crypto/cmp/cmp_msg.c
===================================================================
--- openssl-3.6.0.orig/crypto/cmp/cmp_msg.c
+++ openssl-3.6.0/crypto/cmp/cmp_msg.c
@@ -1107,6 +1107,9 @@ X509 *ossl_cmp_certresponse_get1_cert(co
     int central_keygen = OSSL_CMP_CTX_get_option(ctx, OSSL_CMP_OPT_POPO_METHOD)
         == OSSL_CRMF_POPO_NONE;
 
+    if (crep == NULL)
+        return NULL;
+
     if (crep->certifiedKeyPair == NULL) {
         ERR_raise(ERR_LIB_CMP, CMP_R_CERTIFICATE_NOT_FOUND);
         return NULL;
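Review bot: the new `if (crep == NULL) return NULL;` guard fails silently, while the adjacent `crep->certifiedKeyPair == NULL` branch raises `CMP_R_CERTIFICATE_NOT_FOUND`; a caller that inspects the error queue after a NULL return will find nothing to explain the failure. Consider `ERR_raise(ERR_LIB_CMP, ERR_R_PASSED_NULL_PARAMETER);` before the return, or simply move the existing later assertion on `crep` (mentioned in the description) up to this point so there is a single check. If the later assertion is left in place it becomes unreachable for the NULL case and should be dropped or adjusted to avoid two checks for the same condition.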