Skip to content

A potential bug of NPD #19050

New issue
New issue
Closed
Closed
A potential bug of NPD#19050
Assignees
faramir-dev
Labels
branch: 1.1.1Applies to OpenSSL_1_1_1-stable branch (EOL)branch: 3.0Applies to openssl-3.0 branchbranch: masterApplies to master branchgood first issueBite size change that could be a good starttriaged: bugThe issue/pr is/fixes a bug
@ash1852

Description

@ash1852
ash1852
opened on Aug 24, 2022

Hi, I found a potential null pointer dereference bug in the project source code of openssl, and I have shown the execution sequence of the program that may generate the bug on the graph below. The red text illustrates the steps that generate the bug, the red arrows represent the call relationships, the file path can be seen in the blue framed section.
image
Although the code shown is for version 1.1.1, this potential bug is still present in the current version

openssl/apps/speed.c

Lines 3483 to 3487 in bf16ee4

if (CHECK_AND_SKIP_PREFIX(p, "+F:")) {
int alg;
int j;
alg = atoi(sstrsep(&p, sep));

would you can help to check if this bug is true?thank you!

Metadata

Metadata

Assignees

Labels

branch: 1.1.1Applies to OpenSSL_1_1_1-stable branch (EOL)branch: 3.0Applies to openssl-3.0 branchbranch: masterApplies to master branchgood first issueBite size change that could be a good starttriaged: bugThe issue/pr is/fixes a bug

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions