curl/lib/vtls
Viktor Szakats ba685ad5e5
openssl: fix potential NULL dereference when loading certs (Windows)

This could happen if the first cert to be loaded missed EKU (Enhanced
Key Usage) data, when using native CA on Windows.

Fix by skipping certs without Enhanced Key Usage data.

Detected by clang-tidy:
```
lib/vtls/openssl.c:2922:15: warning: Access to field 'cUsageIdentifier'
 results in a dereference of a null pointer (loaded from variable
 'enhkey_usage') [clang-analyzer-core.NullDereference]
 2922 |           if(!enhkey_usage->cUsageIdentifier) {
      |               ^
```

Refs:
https://learn.microsoft.com/windows/win32/secgloss/e-gly
https://learn.microsoft.com/windows/win32/api/wincrypt/nf-wincrypt-certgetenhancedkeyusage
https://gitlab.winehq.org/wine/wine/-/blob/wine-11.2/dlls/crypt32/cert.c?ref_type=tags#L3061-3164

Assisted-by: Stefan Eissing

Closes #20634
2026-02-24 12:34:19 +01:00
apple.c lib: use lib source directory as base include path 2026-02-23 16:00:42 +01:00
apple.h lib: use lib source directory as base include path 2026-02-23 16:00:42 +01:00
cipher_suite.c lib: use lib source directory as base include path 2026-02-23 16:00:42 +01:00
cipher_suite.h lib: use lib source directory as base include path 2026-02-23 16:00:42 +01:00
gtls.c lib: use lib source directory as base include path 2026-02-23 16:00:42 +01:00
gtls.h lib: use lib source directory as base include path 2026-02-23 16:00:42 +01:00
hostcheck.c lib: use lib source directory as base include path 2026-02-23 16:00:42 +01:00
hostcheck.h lib: use lib source directory as base include path 2026-02-23 16:00:42 +01:00
keylog.c clang-tidy: enable readability-math-missing-parentheses, adjust code 2026-02-23 18:57:40 +01:00
keylog.h lib: use lib source directory as base include path 2026-02-23 16:00:42 +01:00
mbedtls.c mbedtls: split mbed_connect_step1 into sub functions 2026-02-24 11:19:20 +01:00
mbedtls.h lib: use lib source directory as base include path 2026-02-23 16:00:42 +01:00
openssl.c openssl: fix potential NULL dereference when loading certs (Windows) 2026-02-24 12:34:19 +01:00
openssl.h lib: use lib source directory as base include path 2026-02-23 16:00:42 +01:00
rustls.c lib: use lib source directory as base include path 2026-02-23 16:00:42 +01:00
rustls.h lib: use lib source directory as base include path 2026-02-23 16:00:42 +01:00
schannel.c spacecheck: double spaces in folded strings, fix fallouts 2026-02-24 00:48:12 +01:00
schannel.h lib: use lib source directory as base include path 2026-02-23 16:00:42 +01:00
schannel_int.h lib: use lib source directory as base include path 2026-02-23 16:00:42 +01:00
schannel_verify.c lib: use lib source directory as base include path 2026-02-23 16:00:42 +01:00
vtls.c lib: use lib source directory as base include path 2026-02-23 16:00:42 +01:00
vtls.h lib: use lib source directory as base include path 2026-02-23 16:00:42 +01:00
vtls_int.h lib: use lib source directory as base include path 2026-02-23 16:00:42 +01:00
vtls_scache.c lib: use lib source directory as base include path 2026-02-23 16:00:42 +01:00
vtls_scache.h lib: use lib source directory as base include path 2026-02-23 16:00:42 +01:00
vtls_spack.c lib: use lib source directory as base include path 2026-02-23 16:00:42 +01:00
vtls_spack.h lib: use lib source directory as base include path 2026-02-23 16:00:42 +01:00
wolfssl.c lib: use lib source directory as base include path 2026-02-23 16:00:42 +01:00
wolfssl.h lib: use lib source directory as base include path 2026-02-23 16:00:42 +01:00
x509asn1.c clang-tidy: enable readability-math-missing-parentheses, adjust code 2026-02-23 18:57:40 +01:00
x509asn1.h lib: use lib source directory as base include path 2026-02-23 16:00:42 +01:00