trace: fix out-of-bound memory access

When OSSL_trace_get_category_num() is called with an unknown category name, it returns -1. This case needs to be considered in order to avoid out-of-bound memory access to the `trace_channels` array. Reviewed-by: Paul Dale <[email protected]> (Merged from openssl#8552)
pishun · Mar 29, 2019 · 6a41143 · 6a41143
1 parent 0fda9f7
commit 6a41143
Showing 1 changed file with 5 additions and 1 deletion.
diff --git a/crypto/trace.c b/crypto/trace.c
@@ -431,7 +431,8 @@ int OSSL_trace_enabled(int category)
     int ret = 0;
 #ifndef OPENSSL_NO_TRACE
     category = ossl_trace_get_category(category);
-    ret = trace_channels[category].bio != NULL;
+    if (category >= 0)
+        ret = trace_channels[category].bio != NULL;
 #endif
     return ret;
 }
@@ -443,6 +444,9 @@ BIO *OSSL_trace_begin(int category)
     char *prefix = NULL;
 
     category = ossl_trace_get_category(category);
+    if (category < 0)
+        return NULL;
+
     channel = trace_channels[category].bio;
     prefix = trace_channels[category].prefix;