1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
|
From b9f832edcce9db2de31070e76c3cbe59ca9ef512 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Thu, 12 Oct 2023 16:00:38 +0200
Subject: [PATCH] openssl: avoid BN_num_bits() NULL pointer derefs
Reported-by: icy17 on github
Fixes #12099
Closes #12100
Conflict: NA
Reference: https://github.com/curl/curl/commit/b9f832edcce9db2de31070e76c3cbe59ca9ef512
---
lib/vtls/openssl.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
index 9f9c8d136..6be86f871 100644
--- a/lib/vtls/openssl.c
+++ b/lib/vtls/openssl.c
@@ -538,9 +538,9 @@ CURLcode Curl_ossl_certchain(struct Curl_easy *data, SSL *ssl)
#else
RSA_get0_key(rsa, &n, &e, NULL);
#endif /* HAVE_EVP_PKEY_GET_PARAMS */
- BIO_printf(mem, "%d", BN_num_bits(n));
+ BIO_printf(mem, "%d", n ? BN_num_bits(n) : 0);
#else
- BIO_printf(mem, "%d", BN_num_bits(rsa->n));
+ BIO_printf(mem, "%d", rsa->n ? BN_num_bits(rsa->n) : 0);
#endif /* HAVE_OPAQUE_RSA_DSA_DH */
push_certinfo("RSA Public Key", i);
print_pubkey_BN(rsa, n, i);
--
2.33.0
|
