From: Gert Doering <gert@greenie.muc.de>
Date: Thu, 27 Nov 2025 11:35:12 +0000 (+0100)
Subject: extract_x509_field_ssl(): verify that X509_NAME is not NULL.
X-Git-Tag: v2.7_rc3~4
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f18e3141fae709fff47b82d7931024249ba09cc1;p=thirdparty%2Fopenvpn.git

extract_x509_field_ssl(): verify that X509_NAME is not NULL.

This seems to be unlikely to ever happen, but this check won't harm
- as a matter of coding convention, we do not ensure this inside
extract_x509_field_ssl(), but in the (single) caller.

While at it, fix pre-C99 local-variable indent block, and missing {}
block in else/#endif construction.

Reported-By: Joshua Rogers <contact@joshua.hu>
Found-by: ZeroPath (https://zeropath.com/)

Change-Id: I1e9c7eee06bf5f2e8aed8cd2523684539294ac8b
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Acked-by: Antonio Quartulli <antonio@mandelbit.com>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1388
Message-Id: <20251127113517.1352-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg34748.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
---

diff --git a/src/openvpn/ssl_verify_openssl.c b/src/openvpn/ssl_verify_openssl.c
index 40d117bbc..6cb04ee7c 100644
--- a/src/openvpn/ssl_verify_openssl.c
+++ b/src/openvpn/ssl_verify_openssl.c
@@ -202,8 +202,8 @@ extract_x509_field_ssl(X509_NAME *x509, const char *field_name, char *out, size_
     X509_NAME_ENTRY *x509ne = NULL;
     ASN1_STRING *asn1 = NULL;
     unsigned char *buf = NULL;
-    ASN1_OBJECT *field_name_obj = OBJ_txt2obj(field_name, 0);
 
+    ASN1_OBJECT *field_name_obj = OBJ_txt2obj(field_name, 0);
     if (field_name_obj == NULL)
     {
         msg(D_TLS_ERRORS, "Invalid X509 attribute name '%s'", field_name);
@@ -244,11 +244,9 @@ extract_x509_field_ssl(X509_NAME *x509, const char *field_name, char *out, size_
 
     strncpynt(out, (char *)buf, size);
 
-    {
-        const result_t ret = (strlen((char *)buf) < size) ? SUCCESS : FAILURE;
-        OPENSSL_free(buf);
-        return ret;
-    }
+    const result_t ret = (strlen((char *)buf) < size) ? SUCCESS : FAILURE;
+    OPENSSL_free(buf);
+    return ret;
 }
 
 result_t
@@ -278,12 +276,21 @@ backend_x509_get_username(char *common_name, size_t cn_len, char *x509_username_
     }
     else
 #endif /* ifdef ENABLE_X509ALTUSERNAME */
+    {
+        X509_NAME *x509_subject_name = X509_get_subject_name(peer_cert);
+        if (x509_subject_name == NULL)
+        {
+            msg(D_TLS_ERRORS, "X509 subject name is NULL");
+            return FAILURE;
+        }
+
         if (FAILURE
-            == extract_x509_field_ssl(X509_get_subject_name(peer_cert), x509_username_field,
+            == extract_x509_field_ssl(x509_subject_name, x509_username_field,
                                       common_name, cn_len))
         {
             return FAILURE;
         }
+    }
 
     return SUCCESS;
 }