From 94300d8de224e2135e75439e6b9c63eb7ad61fdf Mon Sep 17 00:00:00 2001
From: Matt Caswell
Date: Thu, 12 Oct 2023 12:38:22 +0100
Subject: [PATCH] Ensure that the ERR_STATE is left in a consistent state

We shouldn't ever have the case where the data flags indicate that err_data has been malloc'd, but the err_data field is NULL.

Reviewed-by: Tomas Mraz
Reviewed-by: Hugo Landau
(Merged from https://github.com/openssl/openssl/pull/22368)
---
 crypto/err/err.c | 3 ++-
 crypto/err/err_save.c | 16 +++++++++-------
 2 files changed, 11 insertions(+), 8 deletions(-)

diff --git a/crypto/err/err.c b/crypto/err/err.c
index 7b7f309951..b95182d702 100644
--- a/crypto/err/err.c
+++ b/crypto/err/err.c
@@ -834,7 +834,8 @@ void ERR_add_error_vdata(int num, va_list args)
 * If err_data is allocated already, reuse the space.
 * Otherwise, allocate a small new buffer.
 */
- if ((es->err_data_flags[i] & flags) == flags) {
+ if ((es->err_data_flags[i] & flags) == flags
+ && ossl_assert(es->err_data[i] != NULL)) {
 str = es->err_data[i];
 size = es->err_data_size[i];

diff --git a/crypto/err/err_save.c b/crypto/err/err_save.c
index 3ca059adc3..1994c26cee 100644
--- a/crypto/err/err_save.c
+++ b/crypto/err/err_save.c
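Review bot: The `ossl_assert(es->err_data[i] != NULL)` added to the reuse condition in ERR_add_error_vdata (crypto/err/err.c) has no comment saying which invariant it checks or what a failure means. As far as I know ossl_assert aborts in debug builds and reduces to the plain condition otherwise, so a release build would quietly take the allocate-a-new-buffer branch and mask an inconsistent ERR_STATE. A short comment would make that intent explicit, e.g. `/* Flags claiming malloc'd data with a NULL err_data is a bug: assert in debug builds, fall back to a fresh buffer otherwise. */`. The function body continues outside the hunk, so it is worth confirming that the fallback branch also leaves `err_data_size[i]` and `err_data_flags[i]` consistent with the newly allocated buffer.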
@@ -85,16 +85,18 @@ void OSSL_ERR_STATE_save_to_mark(ERR_STATE *es)
 es->err_line[i] = thread_es->err_line[j];
 es->err_func[i] = thread_es->err_func[j];

- thread_es->err_flags[j] = 0;
- thread_es->err_buffer[j] = 0;
- thread_es->err_data[j] = NULL;
- thread_es->err_data_size[j] = 0;
- thread_es->err_file[j] = NULL;
- thread_es->err_line[j] = 0;
- thread_es->err_func[j] = NULL;
+ thread_es->err_flags[j] = 0;
+ thread_es->err_buffer[j] = 0;
+ thread_es->err_data[j] = NULL;
+ thread_es->err_data_size[j] = 0;
+ thread_es->err_data_flags[j] = 0;
+ thread_es->err_file[j] = NULL;
+ thread_es->err_line[j] = 0;
+ thread_es->err_func[j] = NULL;
 }

 if (i > 0) {
+ thread_es->top = top;
 /* If we moved anything, es's stack always starts at [0]. */
 es->top = i - 1;
 es->bottom = ERR_NUM_ERRORS - 1;
-- 
2.39.5
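Review bot: The added `thread_es->top = top;` in OSSL_ERR_STATE_save_to_mark is a second behavioural fix that the commit message does not mention, and it now sits directly above a comment that talks only about `es`. Presumably `top` (assigned outside this hunk) is where the thread's stack should end once the entries above the mark have been moved out; a one-line comment such as `/* The moved entries no longer belong to the thread's stack. */` would stop readers attributing the existing comment to it. The diffstat lists only the two crypto/err files, so no regression test pins the invariant that a cleared `err_data` pointer always comes with cleared `err_data_flags`. A test that saves to a mark and then adds error data on the same thread would cover it.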