From: Alberto Leiva Popper <ydahhrk@gmail.com>
Date: Tue, 6 Aug 2024 16:29:44 +0000 (-0600)
Subject: Prevent crash on missing Authority Key Identifier
X-Git-Tag: 1.6.3~6
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=b1eb3c507ae920859bbe294776ebc2bb30bb7e56;p=thirdparty%2FFORT-validator.git

Prevent crash on missing Authority Key Identifier

Another missing NULL check.

Thanks to Niklas Vogel for reporting this.
---

diff --git a/src/extension.c b/src/extension.c
index 99045fa9..85ce331d 100644
--- a/src/extension.c
+++ b/src/extension.c
@@ -1005,6 +1005,10 @@ handle_aki(void *ext, void *arg)
 	AUTHORITY_KEYID *aki = ext;
 	X509 *parent;
 
+	if (aki->keyid == NULL) {
+		return pr_val_err("%s extension lacks a keyIdentifier.",
+		    ext_aki()->name);
+	}
 	if (aki->issuer != NULL) {
 		return pr_val_err("%s extension contains an authorityCertIssuer.",
 		    ext_aki()->name);
diff --git a/src/object/certificate.c b/src/object/certificate.c
index f36392d4..2708c66d 100644
--- a/src/object/certificate.c
+++ b/src/object/certificate.c
@@ -1311,7 +1311,8 @@ handle_aki_ta(void *ext, void *arg)
 	}
 
 	error = (ASN1_OCTET_STRING_cmp(aki->keyid, ski) != 0)
-	      ? pr_val_err("The '%s' does not equal the '%s'.", ext_aki()->name, ext_ski()->name)
+	      ? pr_val_err("The '%s' does not equal the '%s'.",
+	                   ext_aki()->name, ext_ski()->name)
 	      : 0;
 
 	ASN1_BIT_STRING_free(ski);