Browse Source

Check input size before NULL pointer test inside mem_write()

Checking is performed after the read-only test so it catches such errors
earlier.

CLA: trivial

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13786)
master
zsugabubus 1 year ago
committed by Tomas Mraz
parent
commit
daa86f9e6b
1 changed files with 4 additions and 4 deletions
  1. +4
    -4
      crypto/bio/bss_mem.c

+ 4
- 4
crypto/bio/bss_mem.c View File

@ -221,10 +221,6 @@ static int mem_write(BIO *b, const char *in, int inl)
int blen;
BIO_BUF_MEM *bbm = (BIO_BUF_MEM *)b->ptr;
if (in == NULL) {
ERR_raise(ERR_LIB_BIO, ERR_R_PASSED_NULL_PARAMETER);
goto end;
}
if (b->flags & BIO_FLAGS_MEM_RDONLY) {
ERR_raise(ERR_LIB_BIO, BIO_R_WRITE_TO_READ_ONLY_BIO);
goto end;
@ -232,6 +228,10 @@ static int mem_write(BIO *b, const char *in, int inl)
BIO_clear_retry_flags(b);
if (inl == 0)
return 0;
if (in == NULL) {
ERR_raise(ERR_LIB_BIO, ERR_R_PASSED_NULL_PARAMETER);
goto end;
}
blen = bbm->readp->length;
mem_buf_sync(b);
if (BUF_MEM_grow_clean(bbm->buf, blen + inl) == 0)


Loading…
Cancel
Save