[PATCH 1/5] OpenSSL: Fix possible null pointer dereference

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



From: Ayala Beker <ayala.beker@xxxxxxxxx>

Fix possible null pointer dereference in check_ocsp_resp().

Signed-off-by: Ayala Beker <ayala.beker@xxxxxxxxx>
---
 src/crypto/tls_openssl_ocsp.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/crypto/tls_openssl_ocsp.c b/src/crypto/tls_openssl_ocsp.c
index 37c87f4..4e1c6b9 100644
--- a/src/crypto/tls_openssl_ocsp.c
+++ b/src/crypto/tls_openssl_ocsp.c
@@ -562,6 +562,8 @@ enum ocsp_result check_ocsp_resp(SSL_CTX *ssl_ctx, SSL *ssl, X509 *cert,
 
 	if (basic->certs) {
 		untrusted = sk_X509_dup(basic->certs);
+		if (!untrusted)
+			goto fail;
 
 		num = sk_X509_num(basic->certs);
 		for (i = 0; i < num; i++) {
-- 
1.9.1


_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap



[Index of Archives]     [Linux Wireless]     [Linux Kernel]     [ATH6KL]     [Linux Bluetooth]     [Linux Netdev]     [Kernel Newbies]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Samba]     [Device Mapper]

  Powered by Linux