Skip to content

Fix NULL derefs, buffer overflow, and i2d contract in EVP/OCSP/X509#10217

Draft
ColtonWilley wants to merge 1 commit intowolfSSL:masterfrom
ColtonWilley:null-checks-evp-ocsp-x509
Draft

Fix NULL derefs, buffer overflow, and i2d contract in EVP/OCSP/X509#10217
ColtonWilley wants to merge 1 commit intowolfSSL:masterfrom
ColtonWilley:null-checks-evp-ocsp-x509

Conversation

@ColtonWilley
Copy link
Copy Markdown
Contributor

@ColtonWilley ColtonWilley commented Apr 14, 2026

Summary

Harden OpenSSL compatibility layer against NULL pointers, negative lengths,
and buffer overflows across EVP, OCSP, and X509 APIs. Fix DSA SignFinal
write-before-check overflow, add missing i2d_OCSP_RESPONSE allocation path,
and fix unaligned keyUsage access.

Test plan

  • Existing CI passes
  • OCSP single_get0_status test updated for new -1 return on NULL

@ColtonWilley
Fix NULL derefs, buffer overflow, and i2d contract in EVP/OCSP/X509
58a2784 
Harden OpenSSL compatibility layer against NULL pointers, negative lengths,
and buffer overflows across EVP, OCSP, and X509 APIs. Fix DSA SignFinal
write-before-check overflow, add missing i2d_OCSP_RESPONSE allocation path,
and fix unaligned keyUsage access.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@ColtonWilley