-
Notifications
You must be signed in to change notification settings - Fork 1.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[defect]: potential null dereference when calling openssl API #5203
Comments
There is a balance between the "correctness" of checking every single call for errors, and the effort required to add those checks. In most cases, adding checks like this aren't worth the effort. If the OpenSSL calls fail, then something is massively wrong with the OpenSSL library. The server will fail quickly, and often. The administrator will then fix the OpenSSL library. Even if we did add these checks, there is very little that the server can do to work around them. It can stop doing the current TLS work, but that means it's not working as intended. The administrator will have to figure out why the server isn't doing TLS (or EAP-FAST). Which means that any changes not only have to check for failures, they have to log a descriptive error tells the administrator how to fix the issue. Fixing the issue means upgrading to a version of OpenSSL which isn't completely broken. I've seen similar requests to check the return value for functions like The solution is to fix the bugs, not to have the program keep doing "something". The same goes for here. It isn't efficient to go through the code looking for every possible minor error and catching it. If the error cannot be worked around, then there's no point in checking it. The server should just exit. |
Thank you for your reply. |
The Without the So there isn't a lot of point in adding Fixes for security bugs are welcome. But in between static analysis tools and automated fuzzer tests, I'm hoping that we have very few of those. If there's an issue where sending the server packets causes it to crash, that's a serious issue which should be fixed. But adding checks to every single API call is likely not worth the effort. Find a real bug and fix it. We're likely to not merge patches which add |
In the end, while this is theoretically a bug, when this happens, the only thing the server can do is exit. So dereferencing a NULL and crashing isn't entirely wrong. Unless there are patches supplied which (a) fix it, and (b) fix it cleanly without introducing massive amounts of code, there's no point in doing anything about this. |
What type of defect/bug is this?
incorrect 3rd party API usage
How can the issue be reproduced?
There are some potential NULL dereference bugs when calling EVP_DigestSignInit in src/modules/rlm_eap/types/rlm_eap_fast/eap_fast_crypto.c: 237 and 238.
And in src/lib/tls/verify.c, calling X509_STORE_CTX_set_ex_data might cause a null dereference.
It's better to add a null pointer check before using the pointer.
Additional, I want to make sure if I report a bug using an issue like this is OK. Thanks!
Log output from the FreeRADIUS daemon
Relevant log output from client utilities
No response
Backtrace from LLDB or GDB
No response
The text was updated successfully, but these errors were encountered: