[tor-commits] [tor/maint-0.3.5] rust/protover: fix null deref in protover_all_supported()

[nickm at torproject.org]

commit db89b4b1527103455e1bd85839a88d614a402354
Author: cypherpunks <cypherpunks at torproject.org>
Date:   Fri Sep 21 04:57:26 2018 +0000

    rust/protover: fix null deref in protover_all_supported()
    
    Fortunately with the current callers it couldn't happen in practice.
    
    Fix on d1820c1516a31a149fc51a9e5126bf899e4c4e08.
---
 changes/bug27804         | 3 +++
 src/rust/protover/ffi.rs | 3 +++
 src/test/test_protover.c | 1 +
 3 files changed, 7 insertions(+)

diff --git a/changes/bug27804 b/changes/bug27804
new file mode 100644
index 000000000..fa7fec0bc
--- /dev/null
+++ b/changes/bug27804
@@ -0,0 +1,3 @@
+  o Minor bugfixes (rust):
+    - Fix a potential null dereference in protover_all_supported().
+      Add a test for it. Fixes bug 27804; bugfix on 0.3.3.1-alpha.
diff --git a/src/rust/protover/ffi.rs b/src/rust/protover/ffi.rs
index 9656e8c31..ca9a504fe 100644
--- a/src/rust/protover/ffi.rs
+++ b/src/rust/protover/ffi.rs
@@ -68,6 +68,9 @@ pub extern "C" fn protover_all_supported(
 
     if maybe_unsupported.is_some() {
         let unsupported: UnvalidatedProtoEntry = maybe_unsupported.unwrap();
+        if missing_out.is_null() {
+            return 0;
+        }
         let c_unsupported: CString = match CString::new(unsupported.to_string()) {
             Ok(n) => n,
             Err(_) => return 1,
diff --git a/src/test/test_protover.c b/src/test/test_protover.c
index fb374c728..d1fc7752d 100644
--- a/src/test/test_protover.c
+++ b/src/test/test_protover.c
@@ -259,6 +259,7 @@ test_protover_all_supported(void *arg)
   tt_ptr_op(msg, OP_EQ, NULL);
 
   // Some things we don't support
+  tt_assert(! protover_all_supported("Wombat=9", NULL));
   tt_assert(! protover_all_supported("Wombat=9", &msg));
   tt_str_op(msg, OP_EQ, "Wombat=9");
   tor_free(msg);