[PATCH 2/5] OpenSSL: Fix possible null pointer dereference
Ilan Peer
ilan.peer at intel.com
Mon Jan 25 02:28:47 PST 2016
From: Ayala Beker <ayala.beker at intel.com>
Fix possible null pointer dereference in tls_parse_pkcs12().
Signed-off-by: Ayala Beker <ayala.beker at intel.com>
---
src/crypto/tls_openssl.c | 27 +++++++++++++++++++++------
1 file changed, 21 insertions(+), 6 deletions(-)
diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
index b16b519..ebf49af 100644
--- a/src/crypto/tls_openssl.c
+++ b/src/crypto/tls_openssl.c
@@ -2393,16 +2393,26 @@ static int tls_parse_pkcs12(struct tls_data *data, SSL *ssl, PKCS12 *p12,
if (certs) {
#if OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
- SSL_clear_chain_certs(ssl);
+ if (ssl)
+ SSL_clear_chain_certs(ssl);
+ else
+ SSL_CTX_clear_chain_certs(data->ssl);
while ((cert = sk_X509_pop(certs)) != NULL) {
X509_NAME_oneline(X509_get_subject_name(cert), buf,
sizeof(buf));
wpa_printf(MSG_DEBUG, "TLS: additional certificate"
" from PKCS12: subject='%s'", buf);
- if (SSL_add1_chain_cert(ssl, cert) != 1) {
+ if (ssl) {
+ if (SSL_add1_chain_cert(ssl, cert) != 1)
+ res = -1;
+ } else {
+ if (SSL_CTX_add1_chain_cert(data->ssl,
+ cert) != 1)
+ res = -1;
+ }
+ if (res == -1) {
tls_show_errors(MSG_DEBUG, __func__,
"Failed to add additional certificate");
- res = -1;
break;
}
}
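Review bot: Each certificate returned by `sk_X509_pop(certs)` is leaked in the rewritten loop: the pop hands the caller its own reference, the "add1" variants `SSL_add1_chain_cert`/`SSL_CTX_add1_chain_cert` take an additional reference rather than ownership, and there is no `X509_free(cert)` on either the success path or the `break` path, while the `sk_X509_free(certs)` further down frees only the emptied stack. Add `X509_free(cert);` as the last statement of the loop body and again before `break;` so the reference is dropped regardless of which API was used. Reusing the function-wide `res` as the loop's failure flag (`if (res == -1)`) is fragile, since it only works if `res` is guaranteed to be 0 on entry to the loop, which is not visible here; a local `int ret = ssl ? SSL_add1_chain_cert(ssl, cert) : SSL_CTX_add1_chain_cert(data->ssl, cert);` tested directly would make the intent explicit. tls_parse_pkcs12 starts before and continues past this hunk.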
@@ -2411,9 +2421,14 @@ static int tls_parse_pkcs12(struct tls_data *data, SSL *ssl, PKCS12 *p12,
}
sk_X509_free(certs);
#ifndef OPENSSL_IS_BORINGSSL
- res = SSL_build_cert_chain(ssl,
- SSL_BUILD_CHAIN_FLAG_CHECK |
- SSL_BUILD_CHAIN_FLAG_IGNORE_ERROR);
+ if (ssl)
+ res = SSL_build_cert_chain(ssl,
+ SSL_BUILD_CHAIN_FLAG_CHECK |
+ SSL_BUILD_CHAIN_FLAG_IGNORE_ERROR);
+ else
+ res = SSL_CTX_build_cert_chain(data->ssl,
+ SSL_BUILD_CHAIN_FLAG_CHECK |
+ SSL_BUILD_CHAIN_FLAG_IGNORE_ERROR);
if (!res) {
tls_show_errors(MSG_DEBUG, __func__,
"Failed to build certificate chain");
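Review bot: The `if (!res)` test after the two new build calls only catches a hard failure (return 0); with `SSL_BUILD_CHAIN_FLAG_IGNORE_ERROR` both `SSL_build_cert_chain` and `SSL_CTX_build_cert_chain` return 2 when a chain was assembled but could not be verified, and that outcome is indistinguishable from success here, so an incomplete or untrusted PKCS#12 chain leaves no trace in the debug log. Add an explicit branch, e.g. `else if (res == 2) wpa_printf(MSG_DEBUG, "TLS: PKCS12 certificate chain built but could not be verified");`, so the condition is at least diagnosable. As a point of style, the flag expression is now duplicated in both branches; a local `int flags = SSL_BUILD_CHAIN_FLAG_CHECK | SSL_BUILD_CHAIN_FLAG_IGNORE_ERROR;` declared before the `if (ssl)` would halve the lines and keep the two calls from drifting apart. How `res` is consumed after this check lies outside the hunk.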
--
1.9.1