Hanno Böck 2b8dc08b74 Call of memcmp with null pointers in obj_cmp()
The function obj_cmp() (file crypto/objects/obj_dat.c) can in some
situations call memcmp() with a null pointer and a zero length.

This is invalid behaviour. When compiling openssl with undefined
behaviour sanitizer (add -fsanitize=undefined to compile flags) this
can be seen. One example that triggers this behaviour is the pkcs7
command (but there are others, e.g. I've seen it with the timestamp
function):
apps/openssl pkcs7 -in test/testp7.pem

What happens is that obj_cmp takes objects of the type ASN1_OBJECT and
passes their ->data pointer to memcmp. Zero-sized ASN1_OBJECT
structures can have a null pointer as data.

RT#3816

Signed-off-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-05-13 15:23:57 +01:00
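
The comparison pattern the commit message describes, next to a guarded form, as an added example that is not OpenSSL's code or the committed fix. `struct obj`, both function names and the sample objects are hypothetical stand-ins for ASN1_OBJECT and obj_cmp().

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for the length/data fields of ASN1_OBJECT. */
struct obj {
    int length;                 /* number of bytes in data */
    const unsigned char *data;  /* may be NULL when length == 0 */
};

/* Pattern from the commit message: equal lengths fall through to memcmp(),
 * so two empty objects reach memcmp(NULL, NULL, 0). That call is undefined
 * behaviour even though no byte is read; -fsanitize=undefined reports it. */
int obj_cmp_unguarded(const struct obj *a, const struct obj *b)
{
    int j = a->length - b->length;
    if (j)
        return j;
    return memcmp(a->data, b->data, (size_t)a->length);
}

/* Guarded form: return before memcmp() when there is nothing to compare. */
int obj_cmp_guarded(const struct obj *a, const struct obj *b)
{
    int j = a->length - b->length;
    if (j)
        return j;
    if (a->length == 0)
        return 0;               /* both empty: equal, data never touched */
    return memcmp(a->data, b->data, (size_t)a->length);
}

/* Constructed sample objects (not real OIDs from the page). */
static const unsigned char SAMPLE_A[] = { 0x2a, 0x86, 0x48 };
static const unsigned char SAMPLE_B[] = { 0x2a, 0x86, 0x49 };
const struct obj EMPTY_A = { 0, NULL };
const struct obj EMPTY_B = { 0, NULL };
const struct obj OBJ_A = { 3, SAMPLE_A };
const struct obj OBJ_B = { 3, SAMPLE_B };

int main(void)
{
    printf("empty vs empty: %d\n", obj_cmp_guarded(&EMPTY_A, &EMPTY_B));
    printf("A vs B:         %d\n", obj_cmp_guarded(&OBJ_A, &OBJ_B));
    return 0;
}
```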