X509_REQ_get_extensions: add error queue entry on ill-formed extensions attribute

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/18931)

diff --git a/crypto/x509/x509_req.c b/crypto/x509/x509_req.c
index e3f5c2add18dd6514d952b9b3ba207199815f9c9..9e926fbe29a8447cfdac1c6af1edb10856c2fd59 100644 (file)
--- a/crypto/x509/x509_req.c
+++ b/crypto/x509/x509_req.c
@@ -154,8 +154,10 @@ STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req)
     }
     if (ext == NULL) /* no extensions is not an error */
         return sk_X509_EXTENSION_new_null();
-    if (ext->type != V_ASN1_SEQUENCE)
+    if (ext->type != V_ASN1_SEQUENCE) {
+        ERR_raise(ERR_LIB_X509, X509_R_WRONG_TYPE);
         return NULL;
+    }
     p = ext->value.sequence->data;
     return (STACK_OF(X509_EXTENSION) *)
         ASN1_item_d2i(NULL, &p, ext->value.sequence->length,