File openssl-0012-DSA_verify.patch of Package openssl-3

Description: Fix CWE-476 (NULL Argument) in DSA_verify
Issue: i2d_DSA_SIG is called to encode the signature into 'der'. If it fails or results in no data, 'der' remains NULL. Passing NULL as the second argument to memcmp is undefined behavior.

Index: openssl-3.6.0/crypto/dsa/dsa_sign.c
===================================================================
--- openssl-3.6.0.orig/crypto/dsa/dsa_sign.c
+++ openssl-3.6.0/crypto/dsa/dsa_sign.c
@@ -207,7 +207,7 @@ int DSA_verify(int type, const unsigned
         goto err;
     /* Ensure signature uses DER and doesn't have trailing garbage */
     derlen = i2d_DSA_SIG(s, &der);
-    if (derlen != siglen || memcmp(sigbuf, der, derlen))
+    if (derlen != siglen || der == NULL || memcmp(sigbuf, der, derlen))
         goto err;
     ret = DSA_do_verify(dgst, dgst_len, s, dsa);
  err:
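Review bot: the new `der == NULL` guard on the changed line is only reached when `derlen == siglen`, so it cannot cover the i2d_DSA_SIG failure case the description talks about: a failing i2d_* call returns a negative length, which the existing `derlen != siglen` test already rejects for any non-negative `siglen`. What the guard actually covers is a zero-length encoding (`derlen == 0` with `der` left NULL), where `memcmp(sigbuf, NULL, 0)` is still undefined behaviour under C even with a zero length. Either reword the description to say that, or make the intent explicit with `if (derlen <= 0 || derlen != siglen || der == NULL || memcmp(sigbuf, der, derlen))`. The placement of `der == NULL` ahead of `memcmp` is correct, since `||` short-circuits before the dereference.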