
wolfSSL TLS layer: Check NULL return from wolfSSL_sk_value

Message ID 5AAC7242-4A5B-4982-B1B9-0F76E7F44441@wolfssl.com
State Not Applicable

Commit Message

Sean Parkinson Aug. 25, 2020, 2:01 a.m. UTC
Signed-off-by: Sean Parkinson <sean@wolfssl.com>
---
 src/crypto/tls_wolfssl.c | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

Comments

Jouni Malinen Oct. 11, 2020, 8:03 a.m. UTC | #1
On Tue, Aug 25, 2020 at 12:01:10PM +1000, Sean Parkinson wrote:
> diff --git a/src/crypto/tls_wolfssl.c b/src/crypto/tls_wolfssl.c
> @@ -585,7 +585,7 @@ static int tls_match_alt_subject_component(WOLFSSL_X509 *cert, int type,
>  
>  	for (i = 0; ext && i < wolfSSL_sk_num(ext); i++) {
>  		gen = wolfSSL_sk_value(ext, i);
> -		if (gen->type != type)
> +		if (gen == NULL || gen->type != type)
>  			continue;
...

These were already covered by the earlier "Fix wrong types in
tls_wolfssl.c" patch (*), so I'm dropping this separate patch just for
the NULL checks.

(*) http://patchwork.ozlabs.org/project/hostap/patch/20200804094823.59816-1-juliusz@wolfssl.com/

Patch

diff --git a/src/crypto/tls_wolfssl.c b/src/crypto/tls_wolfssl.c
index 11e658220..1382cc802 100644
--- a/src/crypto/tls_wolfssl.c
+++ b/src/crypto/tls_wolfssl.c
@@ -585,7 +585,7 @@  static int tls_match_alt_subject_component(WOLFSSL_X509 *cert, int type,
 
 	for (i = 0; ext && i < wolfSSL_sk_num(ext); i++) {
 		gen = wolfSSL_sk_value(ext, i);
-		if (gen->type != type)
+		if (gen == NULL || gen->type != type)
 			continue;
 		if (os_strlen((char *) gen->obj) == len &&
 		    os_memcmp(value, gen->obj, len) == 0)
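Review bot: The added guard covers a NULL `gen`, but the very next statement still hands `gen->obj` to `os_strlen()` unchecked, so an entry without a data pointer (if wolfSSL can return one) would fault in the same loop; `if (gen == NULL || gen->obj == NULL || gen->type != type)` would close that. The same applies to `os_malloc(10 + os_strlen((char *) gen->obj) + 1)` at the end of the wolfssl_tls_cert_event hunk. Separately, the match length here comes from `os_strlen()` on certificate-supplied bytes, so a name with an embedded NUL would be compared only up to that byte; if the wolfSSL object carries an explicit length, comparing that with `len` would be safer, though the hunk does not show whether it does. The function body continues outside the hunk.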
@@ -690,7 +690,7 @@  static int tls_match_suffix_helper(WOLFSSL_X509 *cert, const char *match,
 
 	for (j = 0; ext && j < wolfSSL_sk_num(ext); j++) {
 		gen = wolfSSL_sk_value(ext, j);
-		if (gen->type != ASN_DNS_TYPE)
+		if (gen == NULL || gen->type != ASN_DNS_TYPE)
 			continue;
 		dns_name++;
 		wpa_hexdump_ascii(MSG_DEBUG, "TLS: Certificate dNSName",
@@ -899,9 +899,10 @@  static void wolfssl_tls_cert_event(struct tls_connection *conn,
 		if (num_alt_subject == TLS_MAX_ALT_SUBJECT)
 			break;
 		gen = wolfSSL_sk_value((void *) ext, i);
-		if (gen->type != GEN_EMAIL &&
-		    gen->type != GEN_DNS &&
-		    gen->type != GEN_URI)
+		if (gen == NULL ||
+		    (gen->type != GEN_EMAIL &&
+		     gen->type != GEN_DNS &&
+		     gen->type != GEN_URI))
 			continue;
 
 		pos = os_malloc(10 + os_strlen((char *) gen->obj) + 1);