From 9fd6f7d1cd2a3c8e2bc69dcb8bde8406eb6c2623 Mon Sep 17 00:00:00 2001
From: Dmitry Belyavskiy <beldmit@gmail.com>
Date: Mon, 8 Jul 2019 20:14:50 +1000
Subject: Avoid NULL pointer dereference. Fixes #9043.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9059)
---
 crypto/x509/t_req.c | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'crypto/x509/t_req.c')

diff --git a/crypto/x509/t_req.c b/crypto/x509/t_req.c
index 28157de7e3..8af6510bf5 100644
--- a/crypto/x509/t_req.c
+++ b/crypto/x509/t_req.c
@@ -127,6 +127,10 @@ int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflags,
                 if ((j = i2a_ASN1_OBJECT(bp, aobj)) > 0) {
                     ii = 0;
                     count = X509_ATTRIBUTE_count(a);
+                    if (count == 0) {
+                      X509err(X509_F_X509_REQ_PRINT_EX, X509_R_INVALID_ATTRIBUTES);
+                      return 0;
+                    }
  get_next:
                     at = X509_ATTRIBUTE_get0_type(a, ii);
                     type = at->type;
-- 
cgit v1.2.3