coverity 1462545 Dereference after null check
authorPauli <paul.dale@oracle.com>
Sun, 26 Apr 2020 22:25:33 +0000 (08:25 +1000)
committerPauli <paul.dale@oracle.com>
Thu, 30 Apr 2020 10:21:31 +0000 (20:21 +1000)
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11651)

crypto/evp/p_lib.c

index 84fb914..053c9cb 100644 (file)
@@ -230,9 +230,11 @@ static int evp_pkey_cmp_any(const EVP_PKEY *a, const EVP_PKEY *b,
      * us to compare types using legacy NIDs.
      */
     if ((a->type != EVP_PKEY_NONE
-         && !EVP_KEYMGMT_is_a(b->keymgmt, OBJ_nid2sn(a->type)))
+         && (b->keymgmt == NULL
+             || !EVP_KEYMGMT_is_a(b->keymgmt, OBJ_nid2sn(a->type))))
         || (b->type != EVP_PKEY_NONE
-            && !EVP_KEYMGMT_is_a(a->keymgmt, OBJ_nid2sn(b->type))))
+            && (a->keymgmt == NULL
+                || !EVP_KEYMGMT_is_a(a->keymgmt, OBJ_nid2sn(b->type)))))
         return -1;               /* not the same key type */
 
     /*