Missing check on input arguments (NULL dereference)
ManSoSec opened this issue · 1 comments
ManSoSec commented
I noticed this missing argument check here (in HashOutput)
https://github.com/wolfSSL/wolfssl/blob/master/src/internal.c#L6477
While it is done in 2 functions (HashInput and HashOutputRaw) here:
https://github.com/wolfSSL/wolfssl/blob/master/src/internal.c#L6431
https://github.com/wolfSSL/wolfssl/blob/master/src/internal.c#L6550
if (ssl->hsHashes == NULL)
return BAD_FUNC_ARG;
I can send a pull request.
ejohnstown commented
Thank you for bringing this to our attention. I'll go ahead and fix this and the other two issues.