From: Antonio Quartulli
Date: Mon, 5 Apr 2021 08:00:06 +0000 (+0200)
Subject: openssl: avoid NULL pointer dereference
X-Git-Tag: v2.6_beta1~553
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=f3c7698957483e0ea0f14e712502d34c826c53ca;p=thirdparty%2Fopenvpn.git

openssl: avoid NULL pointer dereference

EVP_PKEY_CTX_new_id() may return NULL and for this reason we must check its return value and bail out in case of failure.

Failing to do so may result in NULL pointer dereference when we pass the returned pointer (NULL) to other functions.

Signed-off-by: Antonio Quartulli
Acked-by: Gert Doering
Message-Id: <20210405080007.1665-2-a@unstable.cc>
URL: https://www.mail-archive.com/search?l=mid&q=20210405080007.1665-2-a@unstable.cc
Signed-off-by: Gert Doering
---

diff --git a/src/openvpn/crypto_openssl.c b/src/openvpn/crypto_openssl.c index d54ca6d26..dc6b0fa71 100644 --- a/src/openvpn/crypto_openssl.c +++ b/src/openvpn/crypto_openssl.c @@ -1125,8 +1125,13 @@ bool ssl_tls1_PRF(const uint8_t *seed, int seed_len, const uint8_t *secret, int secret_len, uint8_t *output, int output_len) { - bool ret = false; EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_TLS1_PRF, NULL); + if (!pctx) + { + return false; + } + + bool ret = false; if (!EVP_PKEY_derive_init(pctx)) { goto out;
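
Review bot: The new `if (!pctx)` check in ssl_tls1_PRF() fails silently with a bare `return false;`, so a caller cannot tell a failed EVP_PKEY_CTX_new_id() call from a failed derivation step; consider logging the failure before returning. The early return also departs from the `goto out;` pattern used by the EVP_PKEY_derive_init() check directly below it, and it forces `bool ret = false;` to move after a statement. If the `out:` label (not visible in this hunk) only releases pctx, keeping the declaration first and using `goto out;` in the new check would preserve a single exit path.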