From: Zhou Qingyang <zhou1615@umn.edu>
Date: Fri, 8 Apr 2022 13:43:37 +0000 (+0800)
Subject: Add return value check of EVP_PKEY_copy_parameters () in ssl_set_cert_and_key()
X-Git-Tag: openssl-3.2.0-alpha1~2660
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=6646e015a50e5455117c22a27032011689db710f;p=thirdparty%2Fopenssl.git

Add return value check of EVP_PKEY_copy_parameters () in ssl_set_cert_and_key()

It seems the return value of EVP_PKEY_copy_parameters() in
ssl_set_cert_and_key(), and could lead to null pointer dereference in
EVP_PKEY_eq() function.

However those functions are complicated and this fix is suggested by
a static analyzer, so please advise.

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18071)
---

diff --git a/ssl/ssl_rsa.c b/ssl/ssl_rsa.c
index 33f0975e5ea..fb615488adc 100644
--- a/ssl/ssl_rsa.c
+++ b/ssl/ssl_rsa.c
@@ -921,11 +921,17 @@ static int ssl_set_cert_and_key(SSL *ssl, SSL_CTX *ctx, X509 *x509, EVP_PKEY *pr
                 goto out;
             } else {
                 /* copy to privatekey from pubkey */
-                EVP_PKEY_copy_parameters(privatekey, pubkey);
+                if (!EVP_PKEY_copy_parameters(privatekey, pubkey)) {
+                    ERR_raise(ERR_LIB_SSL, SSL_R_COPY_PARAMETERS_FAILED);
+                    goto out;
+                }
             }
         } else if (EVP_PKEY_missing_parameters(pubkey)) {
             /* copy to pubkey from privatekey */
-            EVP_PKEY_copy_parameters(pubkey, privatekey);
+            if (!EVP_PKEY_copy_parameters(pubkey, privatekey)) {
+                ERR_raise(ERR_LIB_SSL, SSL_R_COPY_PARAMETERS_FAILED);
+                goto out;
+            }
         } /* else both have parameters */
 
         /* check that key <-> cert match */