Add check for memory allocation APIs to avoid NULL pointer dereference

author Jiasheng Jiang <jiashengjiangcool@gmail.com>

Tue, 5 Aug 2025 14:12:38 +0000 (14:12 +0000)

committer Daiki Ueno <ueno@gnu.org>

Fri, 15 Aug 2025 00:44:22 +0000 (09:44 +0900)
author Jiasheng Jiang <jiashengjiangcool@gmail.com>
Tue, 5 Aug 2025 14:12:38 +0000 (14:12 +0000)
committer Daiki Ueno <ueno@gnu.org>
Fri, 15 Aug 2025 00:44:22 +0000 (09:44 +0900)
diff --git a/src/certtool.c b/src/certtool.c

index a8e0d0173d8d859759b1794c2a65fcf7b280972d..09ae7359586b8f89df1160335bf39b5d019fa4b1 100644 (file)
--- a/src/certtool.c
+++ b/src/certtool.c
@@ -2245,6 +2245,10 @@ static int detailed_verification(gnutls_x509_crt_t cert,
                 ret = gnutls_x509_crl_get_number(crl, tmp, &tmp_size, NULL);
                 if (ret < 0) {
                         serial.data = (void *)gnutls_strdup("unnumbered");
+                       if (serial.data == NULL) {
+                               fprintf(stderr, "out of memory\n");
+                               app_exit(1);
+                       }
                 } else {
                         data.data = (void *)tmp;
                         data.size = tmp_size;
diff --git a/tests/auto-verify.c b/tests/auto-verify.c

index b0b076d957690b14d7430f23eabfa35ab32f64ef..df4c55cf7d80e5e009d900848baf250cdf7a8301 100644 (file)
--- a/tests/auto-verify.c
+++ b/tests/auto-verify.c
@@ -276,6 +276,7 @@ static int cert_out_callback(gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer,
                 ret = gnutls_x509_crl_get_number(crl, tmp, &tmp_size, NULL);
                 if (ret < 0) {
                         serial.data = (void *)gnutls_strdup("unnumbered");
+                       assert(serial.data != NULL);
                 } else {
                         data.data = (void *)tmp;
                         data.size = tmp_size;
diff --git a/tests/crl_apis.c b/tests/crl_apis.c

index 67537733c2bbbd9cd7ef6e66128abcc0cb24371d..37c7d32b84e03a381b14d4203816f4f6829b32d8 100644 (file)
--- a/tests/crl_apis.c
+++ b/tests/crl_apis.c
@@ -272,11 +272,15 @@ static void get_dn_by_oid(gnutls_x509_crl_t crl,
                0);
  
         char *crt_buf = gnutls_calloc(DN_MAX_LEN, sizeof(char));
+       assert(crt_buf != NULL);
+
         size_t crt_buf_size = DN_MAX_LEN;
         gnutls_x509_crt_get_issuer_dn_by_oid(crt, "2.5.4.3", 0, 0, crt_buf,
                                              &crt_buf_size);
  
         char *crl_buf = gnutls_calloc(DN_MAX_LEN, sizeof(char));
+       assert(crl_buf != NULL);
+
         size_t crl_buf_size = DN_MAX_LEN;
         gnutls_x509_crl_get_issuer_dn_by_oid(crl, "2.5.4.3", 0, 0, crl_buf,
                                              &crl_buf_size);
diff --git a/tests/pskself2.c b/tests/pskself2.c

index e1614688463eb0504adc4e8b0910406589778c48..c0e507d8fa82bbdc62d34120f0a064d5aecfbff2 100644 (file)
--- a/tests/pskself2.c
+++ b/tests/pskself2.c
@@ -84,6 +84,8 @@ static void client(int sd, const char *prio, unsigned exp_hint)
         side = "client";
  
         user.data = gnutls_malloc(4);
+       assert(user.data != NULL);
+
         user.data[0] = 0xCA;
         user.data[1] = 0xFE;
         user.data[2] = 0xCA;
diff --git a/tests/rehandshake-switch-srp-id.c b/tests/rehandshake-switch-srp-id.c

index a0bf2798a997b32f56fa9a3ff347275da3e56114..7899b88ab8d07ed41fb439681dffd013f892c704 100644 (file)
--- a/tests/rehandshake-switch-srp-id.c
+++ b/tests/rehandshake-switch-srp-id.c
@@ -86,6 +86,8 @@ static int srpfunc(gnutls_session_t session, const char *username,
                 printf("srp: username %s\n", username);
  
         generator->data = gnutls_malloc(1);
+       assert(generator->data != NULL);
+
         generator->data[0] = 2;
         generator->size = 1;
author	Jiasheng Jiang <jiashengjiangcool@gmail.com>
	Tue, 5 Aug 2025 14:12:38 +0000 (14:12 +0000)
committer	Daiki Ueno <ueno@gnu.org>
	Fri, 15 Aug 2025 00:44:22 +0000 (09:44 +0900)
src/certtool.c		patch \| blob \| blame \| history
tests/auto-verify.c		patch \| blob \| blame \| history
tests/crl_apis.c		patch \| blob \| blame \| history
tests/pskself2.c		patch \| blob \| blame \| history
tests/rehandshake-switch-srp-id.c		patch \| blob \| blame \| history