From 04151456b9d896a7825a5ac77c0310c97fa5f650 Mon Sep 17 00:00:00 2001
From: Pauli <paul.dale@oracle.com>
Date: Mon, 8 Jul 2019 13:39:20 +1000
Subject: Avoid NULL pointer dereference.

[manual merge from #9059 to 1.1.0]

Fixes: #9043

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/9322)
---
 crypto/x509/t_req.c    | 4 ++++
 crypto/x509/x509_err.c | 3 ++-
 2 files changed, 6 insertions(+), 1 deletion(-)

(limited to 'crypto')

diff --git a/crypto/x509/t_req.c b/crypto/x509/t_req.c
index 77ce810835..3207dfaccc 100644
--- a/crypto/x509/t_req.c
+++ b/crypto/x509/t_req.c
@@ -125,6 +125,10 @@ int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflags,
                 if ((j = i2a_ASN1_OBJECT(bp, aobj)) > 0) {
                     ii = 0;
                     count = X509_ATTRIBUTE_count(a);
+                    if (count == 0) {
+                        X509err(X509_F_X509_REQ_PRINT_EX, X509_R_INVALID_ATTRIBUTES);
+                        return 0;
+                    }
  get_next:
                     at = X509_ATTRIBUTE_get0_type(a, ii);
                     type = at->type;
diff --git a/crypto/x509/x509_err.c b/crypto/x509/x509_err.c
index 9f91188a76..e1a33645f5 100644
--- a/crypto/x509/x509_err.c
+++ b/crypto/x509/x509_err.c
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -97,6 +97,7 @@ static ERR_STRING_DATA X509_str_reasons[] = {
     {ERR_REASON(X509_R_CRL_ALREADY_DELTA), "crl already delta"},
     {ERR_REASON(X509_R_CRL_VERIFY_FAILURE), "crl verify failure"},
     {ERR_REASON(X509_R_IDP_MISMATCH), "idp mismatch"},
+    {ERR_REASON(X509_R_INVALID_ATTRIBUTES), "invalid attributes"},
     {ERR_REASON(X509_R_INVALID_DIRECTORY), "invalid directory"},
     {ERR_REASON(X509_R_INVALID_FIELD_NAME), "invalid field name"},
     {ERR_REASON(X509_R_INVALID_TRUST), "invalid trust"},
-- 
cgit v1.2.3