From: otherddn1978 Date: Fri, 13 Dec 2024 15:00:09 +0000 (+0300) Subject: Check whether ctx->pctx != NULL X-Git-Tag: openssl-3.0.16~47 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=10c173091a36476462e494fcf70a80425d9cbf88;p=thirdparty%2Fopenssl.git Check whether ctx->pctx != NULL If it is NULL, ctx->pctx->pmeth dereference will cause a crash. Found by Linux Verification Center (linuxtesting.org) with SVACE. Reviewed-by: Tom Cosgrove Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/26176) (cherry picked from commit 82e7a1130a7d10f4e15c19676a680990b5e3f8fe)
---
diff --git a/crypto/evp/m_sigver.c b/crypto/evp/m_sigver.c
index 76a6814b424..efd2c05c85c 100644
--- a/crypto/evp/m_sigver.c
+++ b/crypto/evp/m_sigver.c
@@ -662,8 +662,12 @@ int EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret,
 {
 EVP_PKEY_CTX *pctx = ctx->pctx;
 
- if (pctx != NULL
- && pctx->operation == EVP_PKEY_OP_VERIFYCTX
+ if (pctx == NULL) {
+ ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
+ return -1;
+ }
+
+ if (pctx->operation == EVP_PKEY_OP_VERIFYCTX
 && pctx->op.sig.algctx != NULL
 && pctx->op.sig.signature != NULL) {
 if (pctx->op.sig.signature->digest_verify != NULL)
@@ -672,8 +676,8 @@ int EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret,
 tbs, tbslen);
 } else {
 /* legacy */
- if (ctx->pctx->pmeth != NULL && ctx->pctx->pmeth->digestverify != NULL)
- return ctx->pctx->pmeth->digestverify(ctx, sigret, siglen, tbs, tbslen);
+ if (pctx->pmeth != NULL && pctx->pmeth->digestverify != NULL)
+ return pctx->pmeth->digestverify(ctx, sigret, siglen, tbs, tbslen);
 }
 
 if (EVP_DigestVerifyUpdate(ctx, tbs, tbslen) <= 0)
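Review bot: The new guard in the first hunk returns `-1` for an uninitialised context, and nothing at that site records that a negative result is an error distinct from a failed signature check, so a caller testing the result with `!` or `!= 0` would accept this failure as a valid signature. I would put a comment above the check, for example `/* No EVP_PKEY_CTX: report an error (-1), not a bad signature (0); callers must test for == 1 */`, which matches the `<= 0` test on the last context line of the second hunk. Only crypto/evp/m_sigver.c is visible in this commit, so if no test accompanies it, a regression test that calls EVP_DigestVerify on an EVP_MD_CTX that never went through EVP_DigestVerifyInit and expects a result `<= 0` would pin the fix. The function's signature and the rest of its body lie outside both hunks.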