Combined patch against OpenSSL_1_1_0-stable branch for the following issues:

Fixed a memory leak in ASN1_digest and ASN1_item_digest. Reworked error handling in asn1_item_embed_new. Fixed error handling in int_ctx_new and EVP_PKEY_CTX_dup. Fixed a memory leak in CRYPTO_free_ex_data. Reworked error handing in x509_name_ex_d2i, x509_name_encode and x509_name_canon. Check for null pointer in tls_process_cert_verify. Fixes #2103 #2104 #2105 #2109 #2111 #2115 Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2163)
author: Bernd Edlinger <bernd.edlinger@hotmail.de> 2016-12-31 13:01:11 +0100
committer: Richard Levitte <levitte@openssl.org> 2017-02-05 00:58:00 +0100
commit: 5d0634a93bdc18e753d641c4563cb18f685e148f (patch)
tree: 3e37a7584a5f9552848147f45dd31a5dec24bd32 /ssl
parent: ac162301b45a7458ced227437922141c692383ae (diff)
1 files changed, 5 insertions, 0 deletions
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index 2d110aad33..f875b3c221 100644
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -2715,6 +2715,11 @@ MSG_PROCESS_RETURN tls_process_cert_verify(SSL *s, PACKET *pkt)
 
     peer = s->session->peer;
     pkey = X509_get0_pubkey(peer);
+    if (pkey == NULL) {
+        al = SSL_AD_INTERNAL_ERROR;
+        goto f_err;
+    }
+
     type = X509_certificate_type(peer, pkey);
 
     if (!(type & EVP_PKT_SIGN)) {
author	Bernd Edlinger <bernd.edlinger@hotmail.de>	2016-12-31 13:01:11 +0100
committer	Richard Levitte <levitte@openssl.org>	2017-02-05 00:58:00 +0100
commit	5d0634a93bdc18e753d641c4563cb18f685e148f (patch)
tree	3e37a7584a5f9552848147f45dd31a5dec24bd32 /ssl
parent	ac162301b45a7458ced227437922141c692383ae (diff)