File openssl-0011-i2d_DSA_SIG.patch of Package openssl-3

Description: Fix CWE-476 (NULL Pointer Dereference) in i2d_DSA_SIG
Issue: When *ppout is NULL, a buffer is allocated via BUF_MEM_new(). If allocation fails (returns NULL), the subsequent code attempts to access buf->data, causing a crash.

Index: openssl-3.6.0/crypto/dsa/dsa_sign.c
===================================================================
--- openssl-3.6.0.orig/crypto/dsa/dsa_sign.c
+++ openssl-3.6.0/crypto/dsa/dsa_sign.c
@@ -105,7 +105,8 @@ int i2d_DSA_SIG(const DSA_SIG *sig, unsi
 
     if (ppout != NULL) {
         if (*ppout == NULL) {
-            *ppout = (unsigned char *)buf->data;
+            if (buf != NULL)
+                *ppout = (unsigned char *)buf->data;
             buf->data = NULL;
             BUF_MEM_free(buf);
         } else {
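Review bot: The new `if (buf != NULL)` guard covers only the assignment to `*ppout`; the unchanged context line right after it, `buf->data = NULL;`, still dereferences `buf` unconditionally, so the NULL case named in the description still crashes one line later. Either put both statements under the guard with braces, or handle the failed allocation at the point where `buf` is created and return an error there, so that this branch is never reached with a NULL `buf`. The second option also avoids leaving `*ppout` NULL with no error indicated in the lines shown here.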