From b1eb3c507ae920859bbe294776ebc2bb30bb7e56 Mon Sep 17 00:00:00 2001
From: Alberto Leiva Popper
Date: Tue, 6 Aug 2024 10:29:44 -0600
Subject: [PATCH] Prevent crash on missing Authority Key Identifier

Another missing NULL check. Thanks to Niklas Vogel for reporting this.
---
 src/extension.c | 4 ++++
 src/object/certificate.c | 3 ++-
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/src/extension.c b/src/extension.c
index 99045fa9..85ce331d 100644
--- a/src/extension.c
+++ b/src/extension.c
@@ -1005,6 +1005,10 @@ handle_aki(void *ext, void *arg)
 AUTHORITY_KEYID *aki = ext;
 X509 *parent;

+ if (aki->keyid == NULL) {
+ return pr_val_err("%s extension lacks a keyIdentifier.",
+ ext_aki()->name);
+ }
 if (aki->issuer != NULL) {
 return pr_val_err("%s extension contains an authorityCertIssuer.",
 ext_aki()->name);
diff --git a/src/object/certificate.c b/src/object/certificate.c
index f36392d4..2708c66d 100644
--- a/src/object/certificate.c
+++ b/src/object/certificate.c
@@ -1311,7 +1311,8 @@ handle_aki_ta(void *ext, void *arg)
 }

 error = (ASN1_OCTET_STRING_cmp(aki->keyid, ski) != 0)
- ? pr_val_err("The '%s' does not equal the '%s'.", ext_aki()->name, ext_ski()->name)
+ ? pr_val_err("The '%s' does not equal the '%s'.",
+ ext_aki()->name, ext_ski()->name)
 : 0;

 ASN1_BIT_STRING_free(ski);
--
2.47.3
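Review bot: The new `aki->keyid == NULL` guard protects only handle_aki, while handle_aki_ta in src/object/certificate.c still passes `aki->keyid` straight to `ASN1_OCTET_STRING_cmp()`, and this commit only re-wraps that statement. Whether an equivalent check exists earlier in handle_aki_ta cannot be seen, because that function starts above its hunk; if there is none, the same test belongs there before `ski` is allocated, `if (aki->keyid == NULL) return pr_val_err("%s extension lacks a keyIdentifier.", ext_aki()->name);`. Because keyIdentifier is OPTIONAL in the AuthorityKeyIdentifier encoding and the decoder leaves the field NULL when it is absent, a one-line comment above the guard would help, e.g. `/* keyIdentifier is OPTIONAL in the ASN.1; absent decodes to NULL */`. A regression test that feeds a certificate whose AKI omits keyIdentifier through both handlers would keep the crash from returning. handle_aki's body also continues outside the hunk, so any later use of `aki->serial` or other optional fields there is not covered by this review.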