diff options
author | Dr. Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> | 2018-10-16 23:50:16 +0200 |
---|---|---|
committer | Dr. Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> | 2018-10-17 12:04:17 +0200 |
commit | 135e8062369f3c7a2398ac12e7eea3c3c18b017d (patch) | |
tree | 307a9c999c67cbabefecbdbed155d302fd081009 /apps/ca.c | |
parent | 695bc60fe4abbe2e6ef3039f96bade5315778c98 (diff) |
Fix: 'openssl ca' command crashes when used with 'rand_serial' option
Commit ffb46830e2df introduced the 'rand_serial' option. When it is used,
the 'serialfile' does not get initialized, i.e. it remains a NULL pointer.
This causes a crash when the NULL pointer is passed to the rotate_serial()
call.
This commit fixes the crash and unifies the pointer checking before
calling the rotate_serial() and save_serial() commands.
Fixes #7412
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7417)
(cherry picked from commit aeec793b4bee929cef8ae35ec4b5a783a6e1d7ed)
Diffstat (limited to 'apps/ca.c')
-rw-r--r-- | apps/ca.c | 19 |
1 files changed, 10 insertions, 9 deletions
@@ -976,7 +976,7 @@ end_of_options: BIO_printf(bio_err, "Write out database with %d new entries\n", sk_X509_num(cert_sk)); - if (!rand_ser + if (serialfile != NULL && !save_serial(serialfile, "new", serial, NULL)) goto end; @@ -1044,7 +1044,8 @@ end_of_options: if (sk_X509_num(cert_sk)) { /* Rename the database and the serial file */ - if (!rotate_serial(serialfile, "new", "old")) + if (serialfile != NULL + && !rotate_serial(serialfile, "new", "old")) goto end; if (!rotate_index(dbfile, "new", "old")) @@ -1177,10 +1178,9 @@ end_of_options: } /* we have a CRL number that need updating */ - if (crlnumberfile != NULL) - if (!rand_ser - && !save_serial(crlnumberfile, "new", crlnumber, NULL)) - goto end; + if (crlnumberfile != NULL + && !save_serial(crlnumberfile, "new", crlnumber, NULL)) + goto end; BN_free(crlnumber); crlnumber = NULL; @@ -1195,9 +1195,10 @@ end_of_options: PEM_write_bio_X509_CRL(Sout, crl); - if (crlnumberfile != NULL) /* Rename the crlnumber file */ - if (!rotate_serial(crlnumberfile, "new", "old")) - goto end; + /* Rename the crlnumber file */ + if (crlnumberfile != NULL + && !rotate_serial(crlnumberfile, "new", "old")) + goto end; } /*****************************************************************/ |