Prevent crash on missing Authority Key Identifier

author Alberto Leiva Popper <ydahhrk@gmail.com>

Tue, 6 Aug 2024 16:29:44 +0000 (10:29 -0600)

committer Alberto Leiva Popper <ydahhrk@gmail.com>

Tue, 6 Aug 2024 16:29:44 +0000 (10:29 -0600)
author Alberto Leiva Popper <ydahhrk@gmail.com>
Tue, 6 Aug 2024 16:29:44 +0000 (10:29 -0600)
committer Alberto Leiva Popper <ydahhrk@gmail.com>
Tue, 6 Aug 2024 16:29:44 +0000 (10:29 -0600)
diff --git a/src/extension.c b/src/extension.c

index 99045fa99f8c883991f0018fd02453f56016d8bb..85ce331dbf286e1ec86e873e22c0aeacacdff753 100644 (file)
--- a/src/extension.c
+++ b/src/extension.c
@@ -1005,6 +1005,10 @@ handle_aki(void *ext, void *arg)
         AUTHORITY_KEYID *aki = ext;
         X509 *parent;
  
+       if (aki->keyid == NULL) {
+               return pr_val_err("%s extension lacks a keyIdentifier.",
+                   ext_aki()->name);
+       }
         if (aki->issuer != NULL) {
                 return pr_val_err("%s extension contains an authorityCertIssuer.",
                     ext_aki()->name);
diff --git a/src/object/certificate.c b/src/object/certificate.c

index f36392d41063142898194df4c7871e4beba7caea..2708c66d35a75bf6e859b06f6038c86a4108a997 100644 (file)
--- a/src/object/certificate.c
+++ b/src/object/certificate.c
@@ -1311,7 +1311,8 @@ handle_aki_ta(void *ext, void *arg)
         }
  
         error = (ASN1_OCTET_STRING_cmp(aki->keyid, ski) != 0)
-             ? pr_val_err("The '%s' does not equal the '%s'.", ext_aki()->name, ext_ski()->name)
+             ? pr_val_err("The '%s' does not equal the '%s'.",
+                          ext_aki()->name, ext_ski()->name)
               : 0;
  
         ASN1_BIT_STRING_free(ski);
author	Alberto Leiva Popper <ydahhrk@gmail.com>
	Tue, 6 Aug 2024 16:29:44 +0000 (10:29 -0600)
committer	Alberto Leiva Popper <ydahhrk@gmail.com>
	Tue, 6 Aug 2024 16:29:44 +0000 (10:29 -0600)
src/extension.c		patch \| blob \| blame \| history
src/object/certificate.c		patch \| blob \| blame \| history