Check sk_X509_value result before dereference
authorJohnnySavages <drokov@rutoken.ru>
Wed, 24 Jul 2024 11:17:49 +0000 (07:17 -0400)
committerTomas Mraz <tomas@openssl.org>
Tue, 24 Sep 2024 15:40:26 +0000 (17:40 +0200)
issuer passed as second parameter to check_issued may result in
NULL dereference

CLA: trivial

Reviewed-by: Hugo Landau <hlandau@devever.net>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24760)

crypto/x509/x509_vfy.c

index 1794c14e9920ae06e5667dfa8eee518d2a8e1ccb..8257b431ea598b2c88f7d0a9a8a67190aad9bde7 100644 (file)
@@ -1606,6 +1606,8 @@ static int check_crl(X509_STORE_CTX *ctx, X509_CRL *crl)
         issuer = sk_X509_value(ctx->chain, cnum + 1);
     } else {
         issuer = sk_X509_value(ctx->chain, chnum);
+        if (!ossl_assert(issuer != NULL))
+            return 0;
         /* If not self-issued, can't check signature */
         if (!ctx->check_issued(ctx, issuer, issuer) &&
             !verify_cb_crl(ctx, X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER))
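Review bot: The lookup `issuer = sk_X509_value(ctx->chain, cnum + 1);` on the first line of the hunk still has no NULL check, so the fix covers only one of the two index-based assignments to `issuer`. The condition guarding that branch is outside the hunk and may already guarantee a valid index; if so, a short comment such as `/* cnum < chnum, so cnum + 1 is a valid chain index */` would record it (the condition is assumed here, not visible), otherwise the same `if (!ossl_assert(issuer != NULL)) return 0;` belongs after that assignment too. The new early return also fails closed without going through `verify_cb_crl`, so as far as the hunk shows no specific verification error is recorded on this path; it is worth confirming that callers turn a bare 0 into an error code rather than leaving `X509_V_OK` in place. check_crl's body starts and ends outside the hunk.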