Commit c36b39b5 authored by Pauli's avatar Pauli
Browse files

Check for NULL conf in NCONF_get_number 



The problematic case falls back to a NULL conf which returns the result
of getenv(2).  If this returns NULL, everything was good.  If this returns
a string an attempt to convert it to a number is made using the function
pointers from conf.

This fix uses the strtol(3) function instead, we don't have the
configuration settings and this behaves as the default would.

Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6632)
parent 3bb5e5b0

crypto/conf/conf_lib.c

+7 −4
Original line number Diff line number Diff line
@@ -292,6 +292,9 @@ int NCONF_get_number_e(const CONF *conf, const char *group, const char *name, 
    if (str == NULL)

        return 0;



    if (conf == NULL)

        *result = strtol(str, &str, 10);

    else

        for (*result = 0; conf->meth->is_number(conf, *str);) {

            *result = (*result) * 10 + conf->meth->to_int(conf, *str);

            str++;

test/conf_include_test.c

+31 −0
Original line number Diff line number Diff line
@@ -123,6 +123,36 @@ static int test_load_config(void) 
    return 1;

}



static int test_check_null_numbers(void)

{

#if defined(_BSD_SOURCE) \

        || (defined(_POSIX_C_SOURCE) && _POSIX_C_SOURCE >= 200112L) \

        || (defined(_XOPEN_SOURCE) && _XOPEN_SOURCE >= 600)

    long val = 0;



    /* Verify that a NULL config with a present environment variable returns

     * success and the value.

     */

    if (!TEST_int_eq(setenv("FNORD", "123", 1), 0)

            || !TEST_true(NCONF_get_number(NULL, "missing", "FNORD", &val))

            || !TEST_long_eq(val, 123)) {

        TEST_note("environment variable with NULL conf failed");

        return 0;

    }



    /*

     * Verify that a NULL config with a missing envrionment variable returns

     * a failure code.

     */

    if (!TEST_int_eq(unsetenv("FNORD"), 0)

            || !TEST_false(NCONF_get_number(NULL, "missing", "FNORD", &val))) {

        TEST_note("missing environment variable with NULL conf failed");

        return 0;

    }

#endif

    return 1;

}



int setup_tests(void)

{

    const char *conf_file;
@@ -150,6 +180,7 @@ int setup_tests(void) 
    change_path(conf_file);



    ADD_TEST(test_load_config);

    ADD_TEST(test_check_null_numbers);

    return 1;

}