openssl / openssl

TLS/SSL and crypto library
https://www.openssl.org
Apache License 2.0

No result check of ASN1_STRING_set() #21492

Closed nv-dmd closed 1 year ago

nv-dmd commented 1 year ago

OpenSSL 3.0, 3.1, master

Function v2i_issuer_sign_tool() (crypto\x509\v3_ist.c) uses function ASN1_STRING_set() to set the ASN1 string, but the result of ASN1_STRING_set() execution is not checked, although it may fail.

if (strcmp(cnf->name, "signTool") == 0) {
    ist->signTool = ASN1_UTF8STRING_new();
    if (ist->signTool == NULL) {
        ERR_raise(ERR_LIB_X509V3, ERR_R_ASN1_LIB);
        ISSUER_SIGN_TOOL_free(ist);
        return NULL;
    }
    ASN1_STRING_set(ist->signTool, cnf->value, strlen(cnf->value));
}

Maybe we need to add a check for the result of function ASN1_STRING_set() in v2i_issuer_sign_tool()?

t8m commented 1 year ago

Yes, this is a bug. Please create a PR.
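
The pattern reported above next to a checked form, as an added example that is neither OpenSSL's code nor the fix applied upstream: the `model_*` types, `fail_alloc` and `parse_sign_tool()` are hypothetical stand-ins, and only the 1-on-success / 0-on-failure return convention is taken from ASN1_STRING_set(). With an allocation failure injected, the unchecked path returns an object with an empty signTool as if parsing had succeeded, while the checked path frees it and returns NULL.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-ins, not OpenSSL types. model_string_set() copies the
 * 1-on-success / 0-on-failure return convention of ASN1_STRING_set(). */
typedef struct { unsigned char *data; int length; } model_string;
typedef struct { model_string *signTool; } model_ist;

static int fail_alloc = 0; /* fault injection: force the setter's allocation to fail */

static int model_string_set(model_string *s, const char *v, size_t len)
{
    unsigned char *p = fail_alloc ? NULL : malloc(len + 1);

    if (p == NULL)
        return 0;            /* failure: s stays empty */
    memcpy(p, v, len);
    p[len] = '\0';
    free(s->data);
    s->data = p;
    s->length = (int)len;
    return 1;
}

static void model_ist_free(model_ist *ist)
{
    if (ist == NULL)
        return;
    if (ist->signTool != NULL)
        free(ist->signTool->data);
    free(ist->signTool);
    free(ist);
}

/* check_result == 0 reproduces the reported pattern; 1 is the checked form. */
static model_ist *parse_sign_tool(const char *value, int check_result)
{
    model_ist *ist = calloc(1, sizeof(*ist));
    int ok;

    if (ist == NULL || (ist->signTool = calloc(1, sizeof(model_string))) == NULL) {
        model_ist_free(ist);
        return NULL;
    }
    ok = model_string_set(ist->signTool, value, strlen(value));
    if (check_result && !ok) {
        model_ist_free(ist); /* fail closed: no half-built object is returned */
        return NULL;
    }
    return ist;
}
```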