You are viewing a plain text version of this content. The canonical link for it is here.
Posted to bugs@httpd.apache.org by bu...@apache.org on 2022/06/22 11:55:18 UTC
[Bug 66137] New: Lacking a check for the return of BN_bn2dec()
https://bz.apache.org/bugzilla/show_bug.cgi?id=66137
Bug ID: 66137
Summary: Lacking a check for the return of BN_bn2dec()
Product: Apache httpd-2
Version: 2.5-HEAD
Hardware: PC
Status: NEW
Severity: normal
Priority: P2
Component: mod_ssl
Assignee: bugs@httpd.apache.org
Reporter: xkernel.wang@foxmail.com
Target Milestone: ---
Missing a check for the return value of BN_bn2dec() in
https://github.com/apache/httpd/blob/a296776a6a5ba8fe1f91de181ca6ce6293b71a52/modules/ssl/ssl_engine_vars.c#L861.
While BN_bn2dec() returns a NULL-terminated string or NULL on error.
So it is better to check the return of it in time to catch the internal error
and prevent its propagation.
This is at least from 2.4.51 in
httpd-2.4.51/modules/ssl/ssl_engine_vars.c:777:29.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
[Bug 66137] Lacking a check for the return of BN_bn2dec()
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=66137
Giovanni Bechis <gi...@paclan.it> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
OS| |All
Resolution|--- |FIXED
--- Comment #1 from Giovanni Bechis <gi...@paclan.it> ---
fixed in r1902302.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org