From: Adam Šulc <sulcadam12@gmail.com>
Date: Thu, 20 Jul 2023 19:30:45 +0000 (+0200)
Subject: fix: reject adding a duplicity into STACK_OF(X509_ATTRIBUTE)
X-Git-Tag: openssl-3.2.0-alpha1~370
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=7551264186f176ca5801aa84d60c7b91d8fba31f;p=thirdparty%2Fopenssl.git

fix: reject adding a duplicity into STACK_OF(X509_ATTRIBUTE)

Function `X509at_add1_attr()` (crypto/x509/x509_att.c) rejects to add a duplicity into `*x` but it searches in a wrong stack.

Changed to search in `*x`.

CLA: trivial

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21505)
---

diff --git a/crypto/x509/x509_att.c b/crypto/x509/x509_att.c
index 1fc99f7cad1..325a0dc1dd5 100644
--- a/crypto/x509/x509_att.c
+++ b/crypto/x509/x509_att.c
@@ -89,7 +89,7 @@ STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr(STACK_OF(X509_ATTRIBUTE) **x,
         ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER);
         return NULL;
     }
-    if (X509at_get_attr_by_OBJ(sk, attr->object, -1) != -1) {
+    if (*x != NULL && X509at_get_attr_by_OBJ(*x, attr->object, -1) != -1) {
         ERR_raise(ERR_LIB_X509, X509_R_DUPLICATE_ATTRIBUTE);
         return NULL;
     }