From: Arne Schwabe <[email protected]> There is a theoretical possibility that OpenSSL returns an NID that OBJ_nid2sn cannot resolve and thus the function return NULL.
This is however extremely unlikely. But we still cover this case now to make linters/code checker happy and avoid similar false positives in the future. Reported-by: Joshua Rogers <[email protected]> Found-by: ZeroPath (https://zeropath.com/) Change-Id: I70e221ff5d9752fec17bad18fd41dcf188ae8fbc Signed-off-by: Arne Schwabe <[email protected]> Acked-by: Gert Doering <[email protected]> Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1325 --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1325 This mail reflects revision 2 of this Change. Acked-by according to Gerrit (reflected above): Gert Doering <[email protected]> diff --git a/src/openvpn/ssl_openssl.c b/src/openvpn/ssl_openssl.c index d997141..a4a6863 100644 --- a/src/openvpn/ssl_openssl.c +++ b/src/openvpn/ssl_openssl.c @@ -2408,7 +2408,17 @@ return "(error getting name)"; default: - return OBJ_nid2sn(nid); + { + const char *type = OBJ_nid2sn(nid); + if (!type) + { + /* This is unlikely to ever happen as OpenSSL is unlikely to + * return an NID it cannot resolve itself but we silence + * linter/code checkers here */ + type = "(error getting name, OBJ_nid2sn failed)"; + } + return type; + } } } #endif /* ifndef LIBRESSL_VERSION_NUMBER */ _______________________________________________ Openvpn-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openvpn-devel
