From: Joshua Rogers <MegaManSec@users.noreply.github.com>
Date: Fri, 10 Oct 2025 23:40:54 +0000 (+0800)
Subject: cmp: guard NULL header sender when expected_sender is set
X-Git-Tag: 4.0-PRE-CLANG-FORMAT-WEBKIT~334
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=50a8f559e8f4e4becdee5502aa9fa2f35885869c;p=thirdparty%2Fopenssl.git

cmp: guard NULL header sender when expected_sender is set

Signed-off-by: Joshua Rogers <MegaManSec@users.noreply.github.com>

Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28847)
---

diff --git a/crypto/cmp/cmp_vfy.c b/crypto/cmp/cmp_vfy.c
index e2432febb2f..0fb73b5e84d 100644
--- a/crypto/cmp/cmp_vfy.c
+++ b/crypto/cmp/cmp_vfy.c
@@ -725,6 +725,11 @@ int ossl_cmp_msg_check_update(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg,
         const X509_NAME *actual_sender;
         char *str;
 
+        if (hdr->sender == NULL) {
+            ERR_raise(ERR_LIB_CMP, CMP_R_MISSING_SENDER_IDENTIFICATION);
+            return 0;
+        }
+
         if (hdr->sender->type != GEN_DIRNAME) {
             ERR_raise(ERR_LIB_CMP, CMP_R_SENDER_GENERALNAME_TYPE_NOT_SUPPORTED);
             return 0;