-
Notifications
You must be signed in to change notification settings - Fork 31k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Lack of nullptr check in src/crypto/crypto_context.cc
NewRootCertStore
#56694
Comments
wooffie
added a commit
to wooffie/node
that referenced
this issue
Jan 22, 2025
In openssl we should check result of X509_STORE_new() for nullptr Refs: nodejs#56694
wooffie
added a commit
to wooffie/node
that referenced
this issue
Jan 24, 2025
In openssl we should check result of X509_STORE_new() for nullptr Refs: nodejs#56694
jasnell
pushed a commit
that referenced
this issue
Jan 26, 2025
In openssl we should check result of X509_STORE_new() for nullptr Refs: #56694 PR-URL: #56700 Reviewed-By: James M Snell <[email protected]> Reviewed-By: Luigi Pinca <[email protected]>
Solved in #56700 |
aduh95
pushed a commit
that referenced
this issue
Jan 27, 2025
In openssl we should check result of X509_STORE_new() for nullptr Refs: #56694 PR-URL: #56700 Reviewed-By: James M Snell <[email protected]> Reviewed-By: Luigi Pinca <[email protected]>
aduh95
pushed a commit
that referenced
this issue
Jan 30, 2025
In openssl we should check result of X509_STORE_new() for nullptr Refs: #56694 PR-URL: #56700 Reviewed-By: James M Snell <[email protected]> Reviewed-By: Luigi Pinca <[email protected]>
hvanness
pushed a commit
to hvanness/node
that referenced
this issue
Jan 30, 2025
In openssl we should check result of X509_STORE_new() for nullptr Refs: nodejs#56694 PR-URL: nodejs#56700 Reviewed-By: James M Snell <[email protected]> Reviewed-By: Luigi Pinca <[email protected]>
aduh95
pushed a commit
that referenced
this issue
Jan 31, 2025
In openssl we should check result of X509_STORE_new() for nullptr Refs: #56694 PR-URL: #56700 Reviewed-By: James M Snell <[email protected]> Reviewed-By: Luigi Pinca <[email protected]>
aduh95
pushed a commit
that referenced
this issue
Feb 4, 2025
In openssl we should check result of X509_STORE_new() for nullptr Refs: #56694 PR-URL: #56700 Reviewed-By: James M Snell <[email protected]> Reviewed-By: Luigi Pinca <[email protected]>
aduh95
pushed a commit
that referenced
this issue
Feb 6, 2025
In openssl we should check result of X509_STORE_new() for nullptr Refs: #56694 PR-URL: #56700 Reviewed-By: James M Snell <[email protected]> Reviewed-By: Luigi Pinca <[email protected]>
marco-ippolito
pushed a commit
that referenced
this issue
Mar 6, 2025
In openssl we should check result of X509_STORE_new() for nullptr Refs: #56694 PR-URL: #56700 Reviewed-By: James M Snell <[email protected]> Reviewed-By: Luigi Pinca <[email protected]>
marco-ippolito
pushed a commit
that referenced
this issue
Mar 6, 2025
In openssl we should check result of X509_STORE_new() for nullptr Refs: #56694 PR-URL: #56700 Reviewed-By: James M Snell <[email protected]> Reviewed-By: Luigi Pinca <[email protected]>
marco-ippolito
pushed a commit
that referenced
this issue
Mar 6, 2025
In openssl we should check result of X509_STORE_new() for nullptr Refs: #56694 PR-URL: #56700 Reviewed-By: James M Snell <[email protected]> Reviewed-By: Luigi Pinca <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Version
20.18.0
Platform
Subsystem
crypto
What steps will reproduce the bug?
In this function
X509_STORE* store
not checked for nullptr. It may cause null pointer dereference.node/src/crypto/crypto_context.cc
Line 274 in bf59539
How often does it reproduce? Is there a required condition?
X509_STORE_new returns null
What is the expected behavior? Why is that the expected behavior?
Checking result of
X509_STORE_new
against nullptrWhat do you see instead?
Lack of check
Additional information
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Reporter: Burkov Egor ([email protected]).
Organization: R-Vision ([email protected]).
The text was updated successfully, but these errors were encountered: