Commit 9e488fd6 authored by Matt Caswell

ASN1_primitive_new NULL param handling



ASN1_primitive_new takes an ASN1_ITEM * param |it|. There are a couple
of conditional code paths that check whether |it| is NULL or not - but
later |it| is deref'd unconditionally. If |it| was ever really NULL then
this would seg fault. In practice ASN1_primitive_new is marked as an
internal function in the public header file. The only places it is ever
used internally always pass a non NULL parameter for |it|. Therefore, change
the code to sanity check that |it| is not NULL, and remove the conditional
checking.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>
parent a0108702
+5 −2
@@ -315,13 +315,16 @@ int ASN1_primitive_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
    ASN1_STRING *str;
    int utype;

    if (it && it->funcs) {
    if (!it)
        return 0;

    if (it->funcs) {
        const ASN1_PRIMITIVE_FUNCS *pf = it->funcs;
        if (pf->prim_new)
            return pf->prim_new(pval, it);
    }

    if (!it || (it->itype == ASN1_ITYPE_MSTRING))
    if (it->itype == ASN1_ITYPE_MSTRING)
        utype = -1;
    else
        utype = it->utype;
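
Review bot: the new `if (!it) return 0;` at the top of ASN1_primitive_new fails silently, so a caller sees only a 0 return with nothing on the error queue to say a NULL |it| was the cause. The commit message states that every internal caller passes a non-NULL |it|, which makes a NULL here a programming error rather than a runtime condition; consider raising ERR_R_PASSED_NULL_PARAMETER before the return, and add a one-line comment above the check saying that a NULL |it| is not supported. Dropping `it &&` from the `it->funcs` test and `!it ||` from the `ASN1_ITYPE_MSTRING` test is consistent with the early return, since every later dereference of |it| in this hunk is now guarded by it.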