From: Christian Heimes Date: Thu, 24 Jun 2021 15:47:30 +0000 (+0200) Subject: Fix segfault in openssl x509 -modulus X-Git-Tag: openssl-3.0.0-beta2~180 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=89fe295257f374647122f73776ddb34555c543f0;p=thirdparty%2Fopenssl.git Fix segfault in openssl x509 -modulus The command ``openssl x509 -noout -modulus -in cert.pem`` used to segfault sometimes because an uninitialized variable was passed to ``BN_lebin2bn``. The bug triggered an assertion in bn_expand_internal(). Fixes: https://github.com/openssl/openssl/issues/15899 Signed-off-by: Christian Heimes Reviewed-by: Matt Caswell Reviewed-by: Dmitry Belyavskiy Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/15900) --- diff --git a/apps/x509.c b/apps/x509.c index b68530fb225..e9a45e4d8f7 100644 --- a/apps/x509.c +++ b/apps/x509.c @@ -943,7 +943,7 @@ int x509_main(int argc, char **argv) } else if (i == modulus) { BIO_printf(out, "Modulus="); if (EVP_PKEY_is_a(pkey, "RSA")) { - BIGNUM *n; + BIGNUM *n = NULL; /* Every RSA key has an 'n' */ EVP_PKEY_get_bn_param(pkey, "n", &n);
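Review bot: the return value of EVP_PKEY_get_bn_param(pkey, "n", &n) on the last line of the hunk is still ignored, so with n now starting as NULL a failed lookup leaves n NULL for whatever code follows outside the visible context. Consider testing the result, for example `if (!EVP_PKEY_get_bn_param(pkey, "n", &n)) goto end;` (the `end` label is an assumption, it is not visible in this hunk), rather than relying on the comment "Every RSA key has an 'n'". A short comment on `BIGNUM *n = NULL;` stating that the pointer must be NULL before the call, since per the commit message the uninitialized value was passed on to BN_lebin2bn, would also keep the initializer from being dropped as redundant in a later cleanup.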