wolfSSL / wolfssl

The wolfSSL library is a small, fast, portable implementation of TLS/SSL for embedded devices to the cloud. wolfSSL supports up to TLS 1.3!

https://www.wolfssl.com

Missing check on input arguments (NULL dereference)

ManSoSec opened this issue 5 years ago · comments

Mansour Ahmadi commented 5 years ago

I noticed this missing argument check here (in HashOutput)
https://github.com/wolfSSL/wolfssl/blob/master/src/internal.c#L6477

While it is done in 2 functions (HashInput and HashOutputRaw) here:
https://github.com/wolfSSL/wolfssl/blob/master/src/internal.c#L6431
https://github.com/wolfSSL/wolfssl/blob/master/src/internal.c#L6550

if (ssl->hsHashes == NULL)
return BAD_FUNC_ARG;

I can send a pull request.

John Safranek commented 5 years ago

Thank you for bringing this to our attention. I'll go ahead and fix this and the other two issues.