Home Explore Help
Register Sign In
wareck
/
krackattacks
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

BoringSSL: Fix PKCS12_parse() segfault when used without password

Unlike OpenSSL PKCS12_parse(), the BoringSSL version seems to require
the password pointer to be non-NULL even if no password is present. Map
passwrd == NULL to passwd = "" to avoid a NULL pointer dereference
within BoringSSL.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen 9 years ago
parent
a89beee589
commit
c07e7b43e9
1 changed files with 2 additions and 0 deletions
Split View Show Diff Stats
  1. 2 0
      src/crypto/tls_openssl.c

+ 2 - 0
src/crypto/tls_openssl.c
View File 

@@ -2076,6 +2076,8 @@ static int tls_parse_pkcs12(SSL_CTX *ssl_ctx, SSL *ssl, PKCS12 *p12,
 
 	pkey = NULL;
 
 	cert = NULL;
 
 	certs = NULL;
 
+	if (!passwd)
 
+		passwd = "";
 
 	if (!PKCS12_parse(p12, passwd, &pkey, &cert, &certs)) {
 
 		tls_show_errors(MSG_DEBUG, __func__,
 
 				"Failed to parse PKCS12 file");