From: Matt Caswell <matt@openssl.org>
Date: Wed, 10 Mar 2021 10:34:18 +0000 (+0000)
Subject: Don't crash if the pkeyopt doesn't have a value
X-Git-Tag: openssl-3.0.0-alpha14~301
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=3d0b56785aeefd2b5a08a0da99d6a09ae6a494b9;p=thirdparty%2Fopenssl.git

Don't crash if the pkeyopt doesn't have a value

All pkeyopt's must have a ":" and a value for the option. Not supplying
one can cause a crash

Fixes #14494

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14496)
---

diff --git a/apps/lib/apps.c b/apps/lib/apps.c
index 2a5ec6bb65b..2938e916203 100644
--- a/apps/lib/apps.c
+++ b/apps/lib/apps.c
@@ -1790,17 +1790,21 @@ int bio_to_mem(unsigned char **out, int maxlen, BIO *in)
 
 int pkey_ctrl_string(EVP_PKEY_CTX *ctx, const char *value)
 {
-    int rv;
+    int rv = 0;
     char *stmp, *vtmp = NULL;
+
     stmp = OPENSSL_strdup(value);
-    if (!stmp)
+    if (stmp == NULL)
         return -1;
     vtmp = strchr(stmp, ':');
-    if (vtmp) {
-        *vtmp = 0;
-        vtmp++;
-    }
+    if (vtmp == NULL)
+        goto err;
+
+    *vtmp = 0;
+    vtmp++;
     rv = EVP_PKEY_CTX_ctrl_str(ctx, stmp, vtmp);
+
+ err:
     OPENSSL_free(stmp);
     return rv;
 }