From: Jiasheng Jiang Date: Tue, 25 Jan 2022 07:51:31 +0000 (+0800) Subject: UI: Check for NULL pointer after calling OPENSSL_memdup X-Git-Tag: openssl-3.2.0-alpha1~3022 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3f6a12a07f52c55dc3f4b0def42680f589f89ed4;p=thirdparty%2Fopenssl.git UI: Check for NULL pointer after calling OPENSSL_memdup The OPENSSL_memdup() is not always success, as the potential failure of the allocation. Then the '*pptr'could be NULL pointer but the ui_dup_method_data() will still return 1. In CRYPTO_dup_ex_data(), the 'storage[i]->dup_func' will not fail and 'ptr' will be used in CRYPTO_set_ex_data(). Also, if '*pptr' is NULL, I think it should also return 0 to tell the caller that the duplication fails in order to prevernt using the NULL pointer. Therefore, it should be better to add the check and return 1 only if the duplication succeed. Signed-off-by: Jiasheng Jiang Reviewed-by: Paul Dale Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/17582) --- diff --git a/crypto/ui/ui_util.c b/crypto/ui/ui_util.c index 871472cd326..9967111ecd3 100644 --- a/crypto/ui/ui_util.c +++ b/crypto/ui/ui_util.c @@ -73,9 +73,12 @@ static void ui_new_method_data(void *parent, void *ptr, CRYPTO_EX_DATA *ad, static int ui_dup_method_data(CRYPTO_EX_DATA *to, const CRYPTO_EX_DATA *from, void **pptr, int idx, long argl, void *argp) { - if (*pptr != NULL) + if (*pptr != NULL) { *pptr = OPENSSL_memdup(*pptr, sizeof(struct pem_password_cb_data)); - return 1; + if (*pptr != NULL) + return 1; + } + return 0; } static void ui_free_method_data(void *parent, void *ptr, CRYPTO_EX_DATA *ad,