]> git.ipfire.org Git - thirdparty/openssl.git/commitdiff
projects / thirdparty / openssl.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 8678046)
cmp: guard NULL header sender when expected_sender is set
authorJoshua Rogers <MegaManSec@users.noreply.github.com>
Fri, 10 Oct 2025 23:40:54 +0000 (07:40 +0800)
committerTomas Mraz <tomas@openssl.org>
Fri, 17 Oct 2025 17:21:52 +0000 (19:21 +0200)
Signed-off-by: Joshua Rogers <MegaManSec@users.noreply.github.com>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28847)

crypto/cmp/cmp_vfy.c patch | blob | blame | history

diff --git a/crypto/cmp/cmp_vfy.c b/crypto/cmp/cmp_vfy.c
index e2432febb2fcb8b070df051ffc7894916dd6a05f..0fb73b5e84d70678b3f8b82f6e298fa0d0232749 100644 (file)
--- a/crypto/cmp/cmp_vfy.c
+++ b/crypto/cmp/cmp_vfy.c
@@ -725,6 +725,11 @@ int ossl_cmp_msg_check_update(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg,
         const X509_NAME *actual_sender;
         char *str;
 
+        if (hdr->sender == NULL) {
+            ERR_raise(ERR_LIB_CMP, CMP_R_MISSING_SENDER_IDENTIFICATION);
+            return 0;
+        }
+
         if (hdr->sender->type != GEN_DIRNAME) {
             ERR_raise(ERR_LIB_CMP, CMP_R_SENDER_GENERALNAME_TYPE_NOT_SUPPORTED);
             return 0;
Mirror of https://github.com/openssl/openssl.git