Opened 8 years ago
#10088 new Bugs
Null Pointer Deference in engine.ipp
Reported by: | Owned by: | chris_kohlhoff | |
---|---|---|---|
Milestone: | To Be Determined | Component: | asio |
Version: | Boost Development Trunk | Severity: | Optimization |
Keywords: | Cc: |
Description
http://svn.boost.org/svn/boost/trunk/boost/asio/ssl/detail/impl/engine.ipp
In below code, ssl_ is checked to be non NUll (which is already done in costructor), which means it can be NULL, but passed to SSL_get_shutdown without NULL check. If it is passed to this function as NULL, it will crash. As ssl_ is already checked in constructor and there is no NULL check in other functions also, checking to not NULL in 214 is always true and hence can be avoided. Please apply the patch.
212 // SSL v2 doesn't provide a protocol-level shutdown, so an eof on the 213 // underlying transport is passed through. 214 if (ssl_ && ssl_->version == SSL2_VERSION) 215 return ec; 216 217 // Otherwise, the peer should have negotiated a proper shutdown. 218 if ((::SSL_get_shutdown(ssl_) & SSL_RECEIVED_SHUTDOWN) == 0)
Attachments (1)
Note:
See TracTickets
for help on using tickets.
Avoid possible NULL Pointer derefference .