From: Peter van Dijk <peter.van.dijk@powerdns.com>
Date: Tue, 10 Aug 2021 11:56:25 +0000 (+0200)
Subject: checkKey: handle NULL error string from OpenSSL more gracefully
X-Git-Tag: dnsdist-1.7.0-alpha1~69^2
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=refs%2Fpull%2F10642%2Fhead;p=thirdparty%2Fpdns.git

checkKey: handle NULL error string from OpenSSL more gracefully

fixes #10641
---

diff --git a/pdns/opensslsigners.cc b/pdns/opensslsigners.cc
index cee5e6069a..0f5396cea2 100644
--- a/pdns/opensslsigners.cc
+++ b/pdns/opensslsigners.cc
@@ -491,7 +491,11 @@ bool OpenSSLRSADNSCryptoKeyEngine::checkKey(vector<string> *errorMessages) const
   if (RSA_check_key(d_key.get()) != 1) {
     retval = false;
     if (errorMessages != nullptr) {
-      errorMessages->push_back(ERR_reason_error_string(ERR_get_error()));
+      auto errmsg = ERR_reason_error_string(ERR_get_error());
+      if (errmsg == nullptr) {
+        errmsg = "Unknown OpenSSL error";
+      }
+      errorMessages->push_back(errmsg);
     }
   }
   return retval;
@@ -802,7 +806,11 @@ bool OpenSSLECDSADNSCryptoKeyEngine::checkKey(vector<string> *errorMessages) con
   if (EC_KEY_check_key(d_eckey.get()) != 1) {
     retval = false;
     if (errorMessages != nullptr) {
-      errorMessages->push_back(ERR_reason_error_string(ERR_get_error()));
+      auto errmsg = ERR_reason_error_string(ERR_get_error());
+      if (errmsg == nullptr) {
+        errmsg = "Unknown OpenSSL error";
+      }
+      errorMessages->push_back(errmsg);
     }
   }
   return retval;