diff options
| author | Pauli <paul.dale@oracle.com> | 2019-07-08 13:39:20 +1000 |
|---|---|---|
| committer | Pauli <paul.dale@oracle.com> | 2019-07-08 13:39:20 +1000 |
| commit | 04151456b9d896a7825a5ac77c0310c97fa5f650 (patch) | |
| tree | bcee8c5387a8703a7470acb3f16625c7503889cf | |
| parent | d9b6a51e926bfd1f86eac9de5dcbc28541fcf99f (diff) | |
Avoid NULL pointer dereference.
[manual merge from #9059 to 1.1.0]
Fixes: #9043
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/9322)
| -rw-r--r-- | apps/req.c | 14 | ||||
| -rw-r--r-- | crypto/x509/t_req.c | 4 | ||||
| -rw-r--r-- | crypto/x509/x509_err.c | 3 | ||||
| -rw-r--r-- | include/openssl/x509.h | 1 |
4 files changed, 19 insertions, 3 deletions
diff --git a/apps/req.c b/apps/req.c index a20e7c1ef1..863c2873a7 100644 --- a/apps/req.c +++ b/apps/req.c @@ -743,9 +743,19 @@ int req_main(int argc, char **argv) if (text) { if (x509) - X509_print_ex(out, x509ss, nmflag, reqflag); + ret = X509_print_ex(out, x509ss, nmflag, reqflag); else - X509_REQ_print_ex(out, req, nmflag, reqflag); + ret = X509_REQ_print_ex(out, req, nmflag, reqflag); + + if (ret == 0) { + if (x509) + BIO_printf(bio_err, "Error printing certificate\n"); + else + BIO_printf(bio_err, "Error printing certificate request\n"); + + ERR_print_errors(bio_err); + goto end; + } } if (subject) { diff --git a/crypto/x509/t_req.c b/crypto/x509/t_req.c index 77ce810835..3207dfaccc 100644 --- a/crypto/x509/t_req.c +++ b/crypto/x509/t_req.c @@ -125,6 +125,10 @@ int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflags, if ((j = i2a_ASN1_OBJECT(bp, aobj)) > 0) { ii = 0; count = X509_ATTRIBUTE_count(a); + if (count == 0) { + X509err(X509_F_X509_REQ_PRINT_EX, X509_R_INVALID_ATTRIBUTES); + return 0; + } get_next: at = X509_ATTRIBUTE_get0_type(a, ii); type = at->type; diff --git a/crypto/x509/x509_err.c b/crypto/x509/x509_err.c index 9f91188a76..e1a33645f5 100644 --- a/crypto/x509/x509_err.c +++ b/crypto/x509/x509_err.c @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -97,6 +97,7 @@ static ERR_STRING_DATA X509_str_reasons[] = { {ERR_REASON(X509_R_CRL_ALREADY_DELTA), "crl already delta"}, {ERR_REASON(X509_R_CRL_VERIFY_FAILURE), "crl verify failure"}, {ERR_REASON(X509_R_IDP_MISMATCH), "idp mismatch"}, + {ERR_REASON(X509_R_INVALID_ATTRIBUTES), "invalid attributes"}, {ERR_REASON(X509_R_INVALID_DIRECTORY), "invalid directory"}, {ERR_REASON(X509_R_INVALID_FIELD_NAME), "invalid field name"}, {ERR_REASON(X509_R_INVALID_TRUST), "invalid trust"}, diff --git a/include/openssl/x509.h b/include/openssl/x509.h index 780386d530..75b39d17da 100644 --- a/include/openssl/x509.h +++ b/include/openssl/x509.h @@ -1092,6 +1092,7 @@ int ERR_load_X509_strings(void); # define X509_R_CRL_ALREADY_DELTA 127 # define X509_R_CRL_VERIFY_FAILURE 131 # define X509_R_IDP_MISMATCH 128 +# define X509_R_INVALID_ATTRIBUTES 135 # define X509_R_INVALID_DIRECTORY 113 # define X509_R_INVALID_FIELD_NAME 119 # define X509_R_INVALID_TRUST 123 |