From: JohnnySavages <drokov@rutoken.ru>
Date: Wed, 24 Jul 2024 11:17:49 +0000 (-0400)
Subject: Check sk_X509_value result before dereference
X-Git-Tag: openssl-3.5.0-alpha1~1085
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=9d71a6622be15592ad75dd4e6c5816c9042611e9;p=thirdparty%2Fopenssl.git

Check sk_X509_value result before dereference

issuer passed as second parameter to check_issued may result in
NULL dereference

CLA: trivial

Reviewed-by: Hugo Landau <hlandau@devever.net>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24760)
---

diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index 1794c14e992..8257b431ea5 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -1606,6 +1606,8 @@ static int check_crl(X509_STORE_CTX *ctx, X509_CRL *crl)
         issuer = sk_X509_value(ctx->chain, cnum + 1);
     } else {
         issuer = sk_X509_value(ctx->chain, chnum);
+        if (!ossl_assert(issuer != NULL))
+            return 0;
         /* If not self-issued, can't check signature */
         if (!ctx->check_issued(ctx, issuer, issuer) &&
             !verify_cb_crl(ctx, X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER))