Fix wild pointer dereference in make_ocsp_response()
author Zhou Qingyang <zhou1615@umn.edu>
Mon, 11 Apr 2022 16:25:26 +0000 (00:25 +0800)
committer Tomas Mraz <tomas@openssl.org>
Thu, 21 Apr 2022 06:09:39 +0000 (08:09 +0200)
commit 4d50a5467b0a208c61d163239a3544bae06343ea
tree e55fe1479fb9836d16c041610b3e48c714ef2a0f
parent f5f288bdba3d2ca6f2ad4b39225b42f06ef28638
Fix wild pointer dereference in make_ocsp_response()

The function OCSP_basic_add1_status() will return NULL on malloc failure.
However the return value is not checked before being passed to
OCSP_SINGLERESP_add1_ext_i2d(), and there is a wild field pointer,
which could lead to wild pointer dereference.

Fix this by adding a return value check.

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18081)
apps/ocsp.c
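
The failure path named in the commit message (an allocating call returns NULL and the result is handed straight to the next call) can be exercised with a fault-injecting allocator that fails each allocation in turn. This is an added example, not code from the OpenSSL commit: `xalloc`, `xfree`, `add_status`, `add_ext`, `make_response` and `sweep` are hypothetical stand-ins that model the pattern, not OpenSSL's API.

```c
#include <stdlib.h>

/* Fault-injecting allocator: the fail_at-th allocation (1-based) returns NULL. */
static int alloc_count, fail_at, live;
static void *xalloc(size_t n) {
    void *p = (++alloc_count == fail_at) ? NULL : calloc(1, n);
    if (p != NULL) live++;
    return p;
}
static void xfree(void *p) { if (p != NULL) { live--; free(p); } }

/* Hypothetical stand-ins for a single response and one extension. */
struct ext { int nid; };
struct single { int status; struct ext *ext; };

/* Stand-in for the allocating call: returns NULL on allocation failure. */
static struct single *add_status(int status) {
    struct single *s = xalloc(sizeof(*s));
    if (s != NULL) s->status = status;
    return s;
}

/* Stand-in for the follow-up call: dereferences s, so NULL must never reach it. */
static int add_ext(struct single *s, int nid) {
    struct ext *e = xalloc(sizeof(*e));
    if (e == NULL) return 0;
    e->nid = nid;
    s->ext = e;
    return 1;
}

/* Checked caller: 1 on success, 0 on any allocation failure, nothing leaked. */
static int make_response(void) {
    struct single *s = add_status(1);
    int ok;
    if (s == NULL) return 0;      /* the return value check */
    ok = add_ext(s, 42);          /* 42 is an arbitrary constructed id */
    xfree(s->ext);
    xfree(s);
    return ok;
}

/* Fail allocation 1..max_allocs in turn; returns failing runs, or -1 on a leak. */
static int sweep(int max_allocs) {
    int failures = 0;
    for (int i = 1; i <= max_allocs; i++) {
        alloc_count = 0; fail_at = i; live = 0;
        if (!make_response()) failures++;
        if (live != 0) return -1;
    }
    return failures;
}
int main(void) { return sweep(3) == 2 ? 0 : 1; }
```

Removing the `s == NULL` check makes the first iteration of `sweep` crash inside `add_ext`, which is how a sweep of this kind surfaces an unchecked allocation result.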