Add missing NULL checks (#871)

normanmaurer · web-flow · commit 9d078866a5fe · 2024-06-12T21:06:31.000+02:00
Motivation:

We didn't have all the necessary NULL checks in place which could cause
a segfault when an operation failed in native code due an OOME (for
example).

Modifications:

Add missing NULL checks

Result:

Correctly handle error scenarios
diff --git a/openssl-dynamic/src/main/c/cert_compress.c b/openssl-dynamic/src/main/c/cert_compress.c
@@ -54,6 +54,9 @@ static int compress(jobject compression_algorithm, jmethodID compress_method, SS
         return 0; // Unable to reserve space for compressed data
     }
     jbyte* resultData = (*e)->GetByteArrayElements(e, resultArray, NULL);
+    if (resultData == NULL) {
+        return 0;
+    }
     memcpy(outData, resultData, resultLen);
     (*e)->ReleaseByteArrayElements(e, resultArray, resultData, JNI_ABORT);
     if (!CBB_did_write(out, resultLen)) {
@@ -102,6 +105,9 @@ static int decompress(jobject compression_algorithm, jmethodID decompress_method
         return 0; // Unable to allocate certificate decompression buffer
     }
     jbyte* resultData = (*e)->GetByteArrayElements(e, resultArray, NULL);
+    if (resultData == NULL) {
+        return 0;
+    }
     memcpy(outData, resultData, uncompressed_len);
     (*e)->ReleaseByteArrayElements(e, resultArray, resultData, JNI_ABORT);
     return 1; // Success
diff --git a/openssl-dynamic/src/main/c/ssl.c b/openssl-dynamic/src/main/c/ssl.c
@@ -1849,7 +1849,6 @@ TCN_IMPLEMENT_CALL(jbyteArray, SSL, getSessionId)(TCN_STDARGS, jlong ssl)
         return NULL;
     }
 
-
     if ((bArray = (*e)->NewByteArray(e, len)) == NULL) {
         return NULL;
     }
diff --git a/openssl-dynamic/src/main/c/sslcontext.c b/openssl-dynamic/src/main/c/sslcontext.c
@@ -1363,7 +1363,11 @@ TCN_IMPLEMENT_CALL(void, SSLContext, setSessionTicketKeys0)(TCN_STDARGS, jlong c
         return;
     }
 
-    b = (*e)->GetByteArrayElements(e, keys, NULL);
+    if ((b = (*e)->GetByteArrayElements(e, keys, NULL)) == NULL) {
+      tcn_ThrowException(e, "GetByteArrayElements() returned null");
+      return;
+    }
+
     for (i = 0; i < cnt; ++i) {
         key = b + (SSL_SESSION_TICKET_KEY_SIZE * i);
         memcpy(ticket_keys[i].key_name, key, 16);
@@ -1495,7 +1499,7 @@ static jbyteArray get_certs(JNIEnv *e, SSL* ssl, STACK_OF(X509)* chain) {
         length = i2d_X509(cert, &buf);
 #endif // OPENSSL_IS_BORINGSSL
 
-        if (length <= 0 || (bArray = (*e)->NewByteArray(e, length)) == NULL ) {
+        if (length <= 0 || (bArray = (*e)->NewByteArray(e, length)) == NULL) {
             NETTY_JNI_UTIL_DELETE_LOCAL(e, array);
             array = NULL;
             goto complete;
@@ -2173,7 +2177,11 @@ static enum ssl_private_key_result_t tcn_private_key_sign_java(SSL *ssl, uint8_t
             } else {
                 arrayLen = (*e)->GetArrayLength(e, resultBytes);
                 if (max_out >= arrayLen) {
-                    b = (*e)->GetByteArrayElements(e, resultBytes, NULL);
+                    if ((b = (*e)->GetByteArrayElements(e, resultBytes, NULL)) == NULL) {
+                        ret = ssl_private_key_failure;
+                        goto complete;
+                    }
+
                     memcpy(out, b, arrayLen);
                     (*e)->ReleaseByteArrayElements(e, resultBytes, b, JNI_ABORT);
                     *out_len = arrayLen;
@@ -2238,7 +2246,11 @@ static enum ssl_private_key_result_t tcn_private_key_decrypt_java(SSL *ssl, uint
             } else {
                 arrayLen = (*e)->GetArrayLength(e, resultBytes);
                 if (max_out >= arrayLen) {
-                    b = (*e)->GetByteArrayElements(e, resultBytes, NULL);
+                    if ((b = (*e)->GetByteArrayElements(e, resultBytes, NULL)) == NULL) {
+                        ret = ssl_private_key_failure;
+                        goto complete;
+                    }
+
                     memcpy(out, b, arrayLen);
                     (*e)->ReleaseByteArrayElements(e, resultBytes, b, JNI_ABORT);
                     *out_len = arrayLen;
@@ -2300,7 +2312,9 @@ static enum ssl_private_key_result_t tcn_private_key_complete_java(SSL *ssl, uin
              // belong to us.
             return ssl_private_key_failure;
         }
-        b = (*e)->GetByteArrayElements(e, resultBytes, NULL);
+        if ((b = (*e)->GetByteArrayElements(e, resultBytes, NULL)) == NULL) {
+            return ssl_private_key_failure;
+        }
         memcpy(out, b, arrayLen);
         (*e)->ReleaseByteArrayElements(e, resultBytes, b, JNI_ABORT);
         *out_len = arrayLen;

Original file line number	Diff line number	Diff line change
`@@ -1849,7 +1849,6 @@ TCN_IMPLEMENT_CALL(jbyteArray, SSL, getSessionId)(TCN_STDARGS, jlong ssl)`
`1849`	`1849`	`return NULL;`
`1850`	`1850`	`}`
`1851`	`1851`
`1852`		`-`
`1853`	`1852`	`if ((bArray = (*e)->NewByteArray(e, len)) == NULL) {`
`1854`	`1853`	`return NULL;`
`1855`	`1854`	`}`