From: Andrey Tsygunka <aitsygunka@yandex.ru>
Date: Wed, 19 Mar 2025 11:53:02 +0000 (+0300)
Subject: Fix NULL pointer dereference in `asn1_ex_i2c()`, crypto/asn1/tasn_enc.c
X-Git-Tag: openssl-3.0.17~84
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0a110df9211aebe9896cc2ae175b4b36f38ff40f;p=thirdparty%2Fopenssl.git

Fix NULL pointer dereference in `asn1_ex_i2c()`, crypto/asn1/tasn_enc.c

Adds handling of V_ASN1_UNDEF to avoid NULL dereference
in case ASN1 structure contains an element of type ASN1_TYPE
without initializing its value (i.e. default constructed)

CLA: trivial

Signed-off-by: Andrey Tsygunka <aitsygunka@yandex.ru>

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27100)

(cherry picked from commit 8e08f9c5a013d9a9fb9e2db3c90a70eda50f78b5)
---

diff --git a/crypto/asn1/tasn_enc.c b/crypto/asn1/tasn_enc.c
index 3ea18b0280d..3dce2fb4bb0 100644
--- a/crypto/asn1/tasn_enc.c
+++ b/crypto/asn1/tasn_enc.c
@@ -571,6 +571,9 @@ static int asn1_ex_i2c(const ASN1_VALUE **pval, unsigned char *cout, int *putype
             return -1;
         break;
 
+    case V_ASN1_UNDEF:
+        return -2;
+
     case V_ASN1_NULL:
         cont = NULL;
         len = 0;