From 82e7a1130a7d10f4e15c19676a680990b5e3f8fe Mon Sep 17 00:00:00 2001 From: otherddn1978 Date: Fri, 13 Dec 2024 18:00:09 +0300 Subject: [PATCH] Check whether ctx->pctx != NULL If it is NULL, ctx->pctx->pmeth dereference will cause a crash. Found by Linux Verification Center (linuxtesting.org) with SVACE. Reviewed-by: Tom Cosgrove Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/26176) --- crypto/evp/m_sigver.c | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/crypto/evp/m_sigver.c b/crypto/evp/m_sigver.c index f6a6810615..a58c46bd06 100644 --- a/crypto/evp/m_sigver.c +++ b/crypto/evp/m_sigver.c @@ -684,13 +684,17 @@ int EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret, { EVP_PKEY_CTX *pctx = ctx->pctx; + if (pctx == NULL) { + ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); + return -1; + } + if ((ctx->flags & EVP_MD_CTX_FLAG_FINALISED) != 0) { ERR_raise(ERR_LIB_EVP, EVP_R_FINAL_ERROR); return 0; } - if (pctx != NULL - && pctx->operation == EVP_PKEY_OP_VERIFYCTX + if (pctx->operation == EVP_PKEY_OP_VERIFYCTX && pctx->op.sig.algctx != NULL && pctx->op.sig.signature != NULL) { if (pctx->op.sig.signature->digest_verify != NULL) { @@ -701,8 +705,8 @@ int EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret, } } else { /* legacy */ - if (ctx->pctx->pmeth != NULL && ctx->pctx->pmeth->digestverify != NULL) - return ctx->pctx->pmeth->digestverify(ctx, sigret, siglen, tbs, tbslen); + if (pctx->pmeth != NULL && pctx->pmeth->digestverify != NULL) + return pctx->pmeth->digestverify(ctx, sigret, siglen, tbs, tbslen); } if (EVP_DigestVerifyUpdate(ctx, tbs, tbslen) <= 0) return -1;