From 38884b260bba0603c85b92fb5768e392b35712bb Mon Sep 17 00:00:00 2001 From: tb Date: Fri, 20 May 2022 08:04:21 +0000 Subject: [PATCH] Drop *out == NULL check in ASN1_STRING_to_UTF8() Unfortunately, several things in the ecosystem depend on the existing API behavior of being able to pass in an uninitialized pointer on the stack: haproxy, grpc, mongo-tools and others show up on the first two pages of Debian codesearch. ok jsing --- lib/libcrypto/asn1/a_string.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/lib/libcrypto/asn1/a_string.c b/lib/libcrypto/asn1/a_string.c index 411c9bc9093..ef36f50c0d4 100644 --- a/lib/libcrypto/asn1/a_string.c +++ b/lib/libcrypto/asn1/a_string.c @@ -1,4 +1,4 @@ -/* $OpenBSD: a_string.c,v 1.10 2022/05/16 20:51:26 tb Exp $ */ +/* $OpenBSD: a_string.c,v 1.11 2022/05/20 08:04:21 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -280,7 +280,11 @@ ASN1_STRING_to_UTF8(unsigned char **out, const ASN1_STRING *in) int mbflag; int ret = -1; - if (out == NULL || *out != NULL) + /* + * XXX We can't fail on *out != NULL here since things like haproxy and + * grpc pass in a pointer to an uninitialized pointer on the stack. + */ + if (out == NULL) goto err; if (in == NULL) -- 2.20.1