From: Dr. David von Oheimb <David.von.Oheimb@siemens.com>
Date: Mon, 21 Jun 2021 12:47:58 +0000 (+0200)
Subject: cmp_server.c: Fix check: certConf not allowed after transaction is closed
X-Git-Tag: openssl-3.0.0-beta2~235
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=83c2744173a48643a4c3a05e379f7616e4f0cc51;p=thirdparty%2Fopenssl.git

cmp_server.c: Fix check: certConf not allowed after transaction is closed

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15848)
---

diff --git a/crypto/cmp/cmp_server.c b/crypto/cmp/cmp_server.c
index c4ef5fa2037..a7cc38da5af 100644
--- a/crypto/cmp/cmp_server.c
+++ b/crypto/cmp/cmp_server.c
@@ -337,7 +337,8 @@ static OSSL_CMP_MSG *process_certConf(OSSL_CMP_SRV_CTX *srv_ctx,
     ccc = req->body->value.certConf;
     num = sk_OSSL_CMP_CERTSTATUS_num(ccc);
 
-    if (OSSL_CMP_CTX_get_option(ctx, OSSL_CMP_OPT_IMPLICIT_CONFIRM) == 1) {
+    if (OSSL_CMP_CTX_get_option(ctx, OSSL_CMP_OPT_IMPLICIT_CONFIRM) == 1
+            || ctx->status != -2 /* transaction not open */) {
         ERR_raise(ERR_LIB_CMP, CMP_R_ERROR_UNEXPECTED_CERTCONF);
         return NULL;
     }