SSL_check_chain fix

If SSL_check_chain is called with a NULL X509 object or a NULL EVP_PKEY or the type of the public key is unrecognised then the local variable |cpk| in tls1_check_chain does not get initialised. Subsequently an attempt is made to deref it (after the "end" label), and a seg fault will result. Reviewed-by: Dr. Stephen Henson <steve@openssl.org> (cherry picked from commit d813f9eb383a93e472e69750cd1edbb170205ad2)
author: Matt Caswell <matt@openssl.org> 2015-03-11 17:01:38 +0000
committer: Matt Caswell <matt@openssl.org> 2015-03-12 09:29:48 +0000
commit: 327de270d583e716bc0282dd0d59e133f41d7ada (patch)
tree: cc16236b695df46b10368f81912cf8471cfd4020
parent: 8e91b3d99115121765a15dbb685aa772b73b97ad (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 2c3a1ec4bc..6e991e0938 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -4126,10 +4126,10 @@ int tls1_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain,
 # endif
     } else {
         if (!x || !pk)
-            goto end;
+            return 0;
         idx = ssl_cert_type(x, pk);
         if (idx == -1)
-            goto end;
+            return 0;
         cpk = c->pkeys + idx;
         if (c->cert_flags & SSL_CERT_FLAGS_CHECK_TLS_STRICT)
             check_flags = CERT_PKEY_STRICT_FLAGS;
author	Matt Caswell <matt@openssl.org>	2015-03-11 17:01:38 +0000
committer	Matt Caswell <matt@openssl.org>	2015-03-12 09:29:48 +0000
commit	327de270d583e716bc0282dd0d59e133f41d7ada (patch)
tree	cc16236b695df46b10368f81912cf8471cfd4020
parent	8e91b3d99115121765a15dbb685aa772b73b97ad (diff)