Better handling of verify param id peername field (a0724ef1) · Commits · CYBER - Cyber Security / TS 103 523 MSP / ETS / ETS OpenSSL

crypto/x509/x509_vfy.c

+4 −0

Original line number	Diff line number	Diff line
		@@ -767,6 +767,10 @@ static int check_hosts(X509 x, X509_VERIFY_PARAM_ID id)
		int n = sk_OPENSSL_STRING_num(id->hosts);
		char *name;

		if (id->peername != NULL) {
		OPENSSL_free(id->peername);
		id->peername = NULL;
		}
		for (i = 0; i < n; ++i) {
		name = sk_OPENSSL_STRING_value(id->hosts, i);
		if (X509_check_host(x, name, 0, id->hostflags, &id->peername) > 0)

+9 −1

Original line number	Diff line number	Diff line
		@@ -148,6 +148,7 @@ static void x509_verify_param_zero(X509_VERIFY_PARAM *param)
		sk_OPENSSL_STRING_pop_free(paramid->hosts, str_free);
		paramid->hosts = NULL;
		OPENSSL_free(paramid->peername);
		paramid->peername = NULL;
		OPENSSL_free(paramid->email);
		paramid->email = NULL;
		paramid->emaillen = 0;
		@@ -164,13 +165,20 @@ X509_VERIFY_PARAM *X509_VERIFY_PARAM_new(void)
		param = OPENSSL_malloc(sizeof(*param));
		if (!param)
		return NULL;
		memset(param, 0, sizeof(*param));

		paramid = OPENSSL_malloc(sizeof(*paramid));
		if (!paramid) {
		OPENSSL_free(param);
		return NULL;
		}
		memset(param, 0, sizeof(*param));
		memset(paramid, 0, sizeof(*paramid));
		/* Exotic platforms may have non-zero bit representation of NULL */
		paramid->hosts = NULL;
		paramid->peername = NULL;
		paramid->email = NULL;
		paramid->ip = NULL;

		param->id = paramid;
		x509_verify_param_zero(param);
		return param;