diff options
author | Dr. David von Oheimb <David.von.Oheimb@siemens.com> | 2020-04-08 13:39:15 +0200 |
---|---|---|
committer | Dr. David von Oheimb <David.von.Oheimb@siemens.com> | 2020-04-18 19:54:17 +0200 |
commit | e0331eb8b818ed0daac45e0786571958f744d398 (patch) | |
tree | a8e16f7abbd0964c4c1f90a452c4cb927f286308 | |
parent | 753283cd23c268a6109443cf6f5b73857442b2df (diff) |
Prevent crash in X509_NAME_cmp() etc. when cert has no issuer or no serialNumber
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11386)
-rw-r--r-- | crypto/x509/x509_cmp.c | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/crypto/x509/x509_cmp.c b/crypto/x509/x509_cmp.c index 5b00038659..654b7b5a68 100644 --- a/crypto/x509/x509_cmp.c +++ b/crypto/x509/x509_cmp.c @@ -21,6 +21,10 @@ int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b) int i; const X509_CINF *ai, *bi; + if (b == NULL) + return a != NULL; + if (a == NULL) + return -1; ai = &a->cert_info; bi = &b->cert_info; i = ASN1_INTEGER_cmp(&ai->serialNumber, &bi->serialNumber); @@ -161,8 +165,12 @@ int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b) { int ret; - /* Ensure canonical encoding is present and up to date */ + if (b == NULL) + return a != NULL; + if (a == NULL) + return -1; + /* Ensure canonical encoding is present and up to date */ if (!a->canon_enc || a->modified) { ret = i2d_X509_NAME((X509_NAME *)a, NULL); if (ret < 0) |