New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Bugs: Some potential NULL dereference bugs #1915
Comments
indeed SSL_new may return NULL. how did you find it ? mind submit a PR ? |
I'm detecting API misuse by static analysis. I'll submit a PR later. |
interesting. how do you detect api misuse ? |
For example, for
|
do you mind sharing CodeQL queries ? (or is it a "know how" ?) |
It's a example CodeQL detection code to check if there is a check of parameter 1 before calling |
Description
There are some potential null dereference bugs.
In src/Mayaqua/Network.c: 5807 and 5671, calling SSL_set_ex_data without checking the parameter 1 might cause a null-dereference.
In src/Mayaqua/Encrypt.c: 778, calling BN_bn2bin without checking the parameter 2 might cause a null-dereference.
Expected behavior:
It's better to check the pointer before calling these APIs
The text was updated successfully, but these errors were encountered: