search

icing / mod_md

Let's Encrypt (ACME) in Apache httpd
https://icing.github.io/mod_md/
Apache License 2.0
335 stars 27 forks source link

Dereferencing NULL pointer in md_json_set_timeperiod() #282

Closed marcstern closed 2 years ago

marcstern commented 2 years ago

In md_json.c, in md_json_set_timeperiod(), we have

if (!tp || tp->start || tp->end) {
        jn = json_object();
        apr_rfc822_date(ts, tp->start);

In case tp is NULL, "if (!tp || ...)" will succeed, thus "apr_rfc822_date(ts, tp->start);" will be exacuted, dereferencing a NULL pointer

It should be

if (tp && tp->start && tp->end) {
icing commented 2 years ago

You are totally right. What was I thinking?

I'll make a release with this soon.