49 lines
1.5 KiB
Diff
49 lines
1.5 KiB
Diff
From e60166815448f1ce4cc27e59a16e5805e864113d Mon Sep 17 00:00:00 2001
|
|
From: Jay Satiro <raysatiro@yahoo.com>
|
|
Date: Mon, 24 Mar 2025 02:48:01 -0400
|
|
Subject: [PATCH] openssl: fix crash on missing cert password
|
|
|
|
- Return 0 for password length if OpenSSL is expecting a certificate
|
|
password but the user did not provide one.
|
|
|
|
Prior to this change libcurl would crash if OpenSSL called the certificate
|
|
password callback in libcurl but no password was provided (NULL).
|
|
|
|
Reported-by: Roman Zharkov
|
|
|
|
Fixes https://github.com/curl/curl/issues/16806
|
|
Closes https://github.com/curl/curl/pull/16807
|
|
|
|
Conflict:context adapt
|
|
Reference:https://github.com/curl/curl/commit/e60166815448f1ce4cc27e59a16e5805e864113d
|
|
---
|
|
lib/vtls/openssl.c | 8 ++++----
|
|
1 file changed, 4 insertions(+), 4 deletions(-)
|
|
|
|
diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
|
|
index 1beda3133..4d5e1be29 100644
|
|
--- a/lib/vtls/openssl.c
|
|
+++ b/lib/vtls/openssl.c
|
|
@@ -931,14 +931,14 @@ static char *ossl_strerror(unsigned long error, char *buf, size_t size)
|
|
}
|
|
|
|
static int passwd_callback(char *buf, int num, int encrypting,
|
|
- void *global_passwd)
|
|
+ void *password)
|
|
{
|
|
DEBUGASSERT(0 == encrypting);
|
|
|
|
- if(!encrypting) {
|
|
- int klen = curlx_uztosi(strlen((char *)global_passwd));
|
|
+ if(!encrypting && num >= 0 && password) {
|
|
+ int klen = curlx_uztosi(strlen((char *)password));
|
|
if(num > klen) {
|
|
- memcpy(buf, global_passwd, klen + 1);
|
|
+ memcpy(buf, password, klen + 1);
|
|
return klen;
|
|
}
|
|
}
|
|
--
|
|
2.43.0
|
|
|