!81 OpenHarmony lts3.0修复openssl漏洞CVE-2022-4450

Merge pull request !81 from wanghao-free/OpenHarmony-3.0-LTS

!81 OpenHarmony lts3.0修复openssl漏洞CVE-2022-4450
Merge pull request !81 from wanghao-free/OpenHarmony-3.0-LTS
416f6af1 · openharmony_ci · Gitee · cffb0b42 · 7599da6f · 416f6af1
隐藏空白更改
内联并排

Showing with 32 addition and 0 deletion

crypto/pem/pem_lib.c crypto/pem/pem_lib.c +2 -0

test/pemtest.c test/pemtest.c +30 -0

未找到文件。
--- a/crypto/pem/pem_lib.c
+++ b/crypto/pem/pem_lib.c
@@ -954,7 +954,9 @@ int PEM_read_bio_ex(BIO *bp, char **name_out, char **header,
    *data = pem_malloc(len, flags);
    if (*header == NULL || *data == NULL) {
        pem_free(*header, flags, 0);
+        *header = NULL;
        pem_free(*data, flags, 0);
+        *data = NULL;
        goto end;
    }
    BIO_read(headerB, *header, headerlen);

--- a/test/pemtest.c
+++ b/test/pemtest.c
@@ -83,9 +83,39 @@ static int test_invalid(void)
    return 1;
 }

+static int test_empty_payload(void)
+{
+    BIO *b;
+    static char *emptypay =
+        "-----BEGIN CERTIFICATE-----\n"
+        "-\n" /* Base64 EOF character */
+        "-----END CERTIFICATE-----";
+    char *name = NULL, *header = NULL;
+    unsigned char *data = NULL;
+    long len;
+    int ret = 0;
+
+    b = BIO_new_mem_buf(emptypay, strlen(emptypay));
+    if (!TEST_ptr(b))
+        return 0;
+
+    /* Expected to fail because the payload is empty */
+    if (!TEST_false(PEM_read_bio_ex(b, &name, &header, &data, &len, 0)))
+        goto err;
+
+    ret = 1;
+ err:
+    OPENSSL_free(name);
+    OPENSSL_free(header);
+    OPENSSL_free(data);
+    BIO_free(b);
+    return ret;
+}
+
 int setup_tests(void)
 {
    ADD_ALL_TESTS(test_b64, OSSL_NELEM(b64_pem_data));
    ADD_TEST(test_invalid);
+    ADD_TEST(test_empty_payload);
    return 1;
 }