trace: fix out-of-bound memory access
When OSSL_trace_get_category_num() is called with an unknown category name, it returns -1. This case needs to be considered in order to avoid out-of-bound memory access to the `trace_channels` array. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8552)
This commit is contained in:
parent
0fda9f7c29
commit
6a411436a5
1 changed files with 5 additions and 1 deletions
|
@ -431,7 +431,8 @@ int OSSL_trace_enabled(int category)
|
|||
int ret = 0;
|
||||
#ifndef OPENSSL_NO_TRACE
|
||||
category = ossl_trace_get_category(category);
|
||||
ret = trace_channels[category].bio != NULL;
|
||||
if (category >= 0)
|
||||
ret = trace_channels[category].bio != NULL;
|
||||
#endif
|
||||
return ret;
|
||||
}
|
||||
|
@ -443,6 +444,9 @@ BIO *OSSL_trace_begin(int category)
|
|||
char *prefix = NULL;
|
||||
|
||||
category = ossl_trace_get_category(category);
|
||||
if (category < 0)
|
||||
return NULL;
|
||||
|
||||
channel = trace_channels[category].bio;
|
||||
prefix = trace_channels[category].prefix;
|
||||
|
||||
|
|
Loading…
Reference in a new issue