Fix NULL ptr dereference on EC_POINT *point

citypw · citypw · commit 60538e018b82 · 2024-09-20T09:18:54.000+01:00
Use non-usual params of pkcs11 module will trigger a null ptr deref bug. Fix it for openssl#25493 CLA: trivial
diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c
@@ -1156,7 +1156,7 @@ int i2o_ECPublicKey(const EC_KEY *a, unsigned char **out)
     size_t buf_len = 0;
     int new_buffer = 0;
 
-    if (a == NULL) {
+    if (a == NULL || a->pub_key == NULL) {
         ERR_raise(ERR_LIB_EC, ERR_R_PASSED_NULL_PARAMETER);
         return 0;
     }
diff --git a/crypto/ec/ec_oct.c b/crypto/ec/ec_oct.c
@@ -74,6 +74,10 @@ size_t EC_POINT_point2oct(const EC_GROUP *group, const EC_POINT *point,
                           point_conversion_form_t form, unsigned char *buf,
                           size_t len, BN_CTX *ctx)
 {
+    if (point == NULL) {
+        ERR_raise(ERR_LIB_EC, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
     if (group->meth->point2oct == 0
         && !(group->meth->flags & EC_FLAGS_DEFAULT_OCT)) {
         ERR_raise(ERR_LIB_EC, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);

Original file line number	Diff line number	Diff line change
`@@ -1156,7 +1156,7 @@ int i2o_ECPublicKey(const EC_KEY a, unsigned char *out)`
`1156`	`1156`	`size_t buf_len = 0;`
`1157`	`1157`	`int new_buffer = 0;`
`1158`	`1158`
`1159`		`- if (a == NULL) {`
	`1159`	`+ if (a == NULL \|\| a->pub_key == NULL) {`
`1160`	`1160`	`ERR_raise(ERR_LIB_EC, ERR_R_PASSED_NULL_PARAMETER);`
`1161`	`1161`	`return 0;`
`1162`	`1162`	`}`