If you call X509_add_cert with cert == NULL and the X509_ADD_FLAG_UP_REF

flag, it will сrash to X509_up_ref.  Passing NULL here is not valid,
return 0 if cert == NULL.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Frederik Wedel-Heinen <fwh.openssl@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/26267)

(cherry picked from commit 3c7db9e0fdf4706d91cedf5fca70b609bdc1677e)

diff --git a/crypto/x509/x509_cmp.c b/crypto/x509/x509_cmp.c
index 989fb8faa9f465596c80cdd053a09aa112a74446..697fdf5347d4d5022c5791d5b88d33e1b1e8fdac 100644 (file)
--- a/crypto/x509/x509_cmp.c
+++ b/crypto/x509/x509_cmp.c
@@ -196,6 +196,8 @@ int X509_add_cert(STACK_OF(X509) *sk, X509 *cert, int flags)
         ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER);
         return 0;
     }
+    if (cert == NULL)
+        return 0;
     if ((flags & X509_ADD_FLAG_NO_DUP) != 0) {
         /*
          * not using sk_X509_set_cmp_func() and sk_X509_find()

diff --git a/doc/man3/X509_add_cert.pod b/doc/man3/X509_add_cert.pod
index a4f3ea503243eeb94f61efb7215c1509c97d4cab..2b38830eb171accf488924f5564b4bc8bce91482 100644 (file)
--- a/doc/man3/X509_add_cert.pod
+++ b/doc/man3/X509_add_cert.pod
@@ -16,6 +16,7 @@ X509 certificate list addition functions
 =head1 DESCRIPTION
 
 X509_add_cert() adds a certificate I<cert> to the given list I<sk>.
+It is an error for the I<cert> argument to be NULL.
 
 X509_add_certs() adds a list of certificate I<certs> to the given list I<sk>.
 The I<certs> argument may be NULL, which implies no effect.