Fix CID 1463883 Dereference after null check (in ess_find_cert_v2())

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/12379)
author: Shane Lontis <shane.lontis@oracle.com> 2020-07-06 16:13:48 +1000
committer: Dmitry Belyavskiy <beldmit@gmail.com> 2020-07-08 11:19:08 +0300
commit: 5999d20ea8ed1c69e89b201fa70a5964ff11665e (patch)
tree: d4134d5a982958877d945ead826d8a7147393128 /crypto/ess
parent: 821278a885c7c8edb5bca943006df5700257390e (diff)
1 files changed, 3 insertions, 1 deletions
diff --git a/crypto/ess/ess_lib.c b/crypto/ess/ess_lib.c
index 17f9db98ff..3f418235ad 100644
--- a/crypto/ess/ess_lib.c
+++ b/crypto/ess/ess_lib.c
@@ -339,7 +339,9 @@ int ess_find_cert_v2(const STACK_OF(ESS_CERT_ID_V2) *cert_ids, const X509 *cert)
         const ESS_CERT_ID_V2 *cid = sk_ESS_CERT_ID_V2_value(cert_ids, i);
         const EVP_MD *md;
 
-        if (cid != NULL && cid->hash_alg != NULL)
+        if (cid == NULL)
+            return -1;
+        if (cid->hash_alg != NULL)
             md = EVP_get_digestbyobj(cid->hash_alg->algorithm);
         else
             md = EVP_sha256();
author	Shane Lontis <shane.lontis@oracle.com>	2020-07-06 16:13:48 +1000
committer	Dmitry Belyavskiy <beldmit@gmail.com>	2020-07-08 11:19:08 +0300
commit	5999d20ea8ed1c69e89b201fa70a5964ff11665e (patch)
tree	d4134d5a982958877d945ead826d8a7147393128 /crypto/ess
parent	821278a885c7c8edb5bca943006df5700257390e (diff)