From: doug <doug@openbsd.org>
Date: Wed, 29 Apr 2015 01:27:34 +0000 (+0000)
Subject: Avoid NULL deref in CBS_get_any_asn1_element().
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=874a9cdc392e63fbc0fb725a4b63acb245b75a6e;p=openbsd

Avoid NULL deref in CBS_get_any_asn1_element().

This function is documented as allowing NULL for out_header_len.

ok jsing@
---

diff --git a/lib/libssl/bs_cbs.c b/lib/libssl/bs_cbs.c
index fc2eafff0eb..0237f736819 100644
--- a/lib/libssl/bs_cbs.c
+++ b/lib/libssl/bs_cbs.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: bs_cbs.c,v 1.5 2015/04/29 01:23:20 doug Exp $	*/
+/*	$OpenBSD: bs_cbs.c,v 1.6 2015/04/29 01:27:34 doug Exp $	*/
 /*
  * Copyright (c) 2014, Google Inc.
  *
@@ -236,7 +236,8 @@ CBS_get_any_asn1_element(CBS *cbs, CBS *out, unsigned *out_tag,
 
 		if ((tag & CBS_ASN1_CONSTRUCTED) != 0 && num_bytes == 0) {
 			/* indefinite length */
-			*out_header_len = 2;
+			if (out_header_len != NULL)
+				*out_header_len = 2;
 			return CBS_get_bytes(cbs, out, 2);
 		}
 
diff --git a/lib/libssl/src/ssl/bs_cbs.c b/lib/libssl/src/ssl/bs_cbs.c
index fc2eafff0eb..0237f736819 100644
--- a/lib/libssl/src/ssl/bs_cbs.c
+++ b/lib/libssl/src/ssl/bs_cbs.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: bs_cbs.c,v 1.5 2015/04/29 01:23:20 doug Exp $	*/
+/*	$OpenBSD: bs_cbs.c,v 1.6 2015/04/29 01:27:34 doug Exp $	*/
 /*
  * Copyright (c) 2014, Google Inc.
  *
@@ -236,7 +236,8 @@ CBS_get_any_asn1_element(CBS *cbs, CBS *out, unsigned *out_tag,
 
 		if ((tag & CBS_ASN1_CONSTRUCTED) != 0 && num_bytes == 0) {
 			/* indefinite length */
-			*out_header_len = 2;
+			if (out_header_len != NULL)
+				*out_header_len = 2;
 			return CBS_get_bytes(cbs, out, 2);
 		}