authorDr. David von Oheimb <David.von.Oheimb@siemens.com>2020-04-08 13:39:15 +0200
committerDr. David von Oheimb <David.von.Oheimb@siemens.com>2020-04-18 19:54:17 +0200
commite0331eb8b818ed0daac45e0786571958f744d398 (patch)
treea8e16f7abbd0964c4c1f90a452c4cb927f286308
parent753283cd23c268a6109443cf6f5b73857442b2df (diff)
Prevent crash in X509_NAME_cmp() etc. when cert has no issuer or no serialNumber
Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11386)
-rw-r--r--crypto/x509/x509_cmp.c10
1 files changed, 9 insertions, 1 deletions
diff --git a/crypto/x509/x509_cmp.c b/crypto/x509/x509_cmp.c
index 5b00038659..654b7b5a68 100644
--- a/crypto/x509/x509_cmp.c
+++ b/crypto/x509/x509_cmp.c
@@ -21,6 +21,10 @@ int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b)
int i;
const X509_CINF *ai, *bi;
+ if (b == NULL)
+ return a != NULL;
+ if (a == NULL)
+ return -1;
ai = &a->cert_info;
bi = &b->cert_info;
i = ASN1_INTEGER_cmp(&ai->serialNumber, &bi->serialNumber);
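Review bot: The added guards in X509_issuer_and_serial_cmp() return 0 when both arguments are NULL, so two absent certificates now compare as equal; the guards added to X509_NAME_cmp() in the second hunk do the same for two absent names. Callers are not visible here, but any caller that reads a 0 result as "same issuer" or "same certificate" would accept a pair of missing values as a match, so match-style callers should reject NULL explicitly before comparing. At minimum the contract deserves a comment above the checks in both functions, e.g. `/* NULL sorts before non-NULL; two NULL arguments compare equal */`. Both function bodies continue outside their hunks.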
@@ -161,8 +165,12 @@ int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b)
{
int ret;
- /* Ensure canonical encoding is present and up to date */
+ if (b == NULL)
+ return a != NULL;
+ if (a == NULL)
+ return -1;
+ /* Ensure canonical encoding is present and up to date */
if (!a->canon_enc || a->modified) {
ret = i2d_X509_NAME((X509_NAME *)a, NULL);
if (ret < 0)