From: Dr. David von Oheimb <David.von.Oheimb@siemens.com>
Date: Mon, 7 Dec 2020 12:28:39 +0000 (+0100)
Subject: X509V3_EXT_add_nconf_sk(): Improve description and use of 'sk' arg, which may be... 
X-Git-Tag: openssl-3.0.0-alpha10~92
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f902716f24ab13a02ab501fde9428f996fd4b0cd;p=thirdparty%2Fopenssl.git

X509V3_EXT_add_nconf_sk(): Improve description and use of 'sk' arg, which may be NULL

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13614)
---

diff --git a/crypto/x509/v3_conf.c b/crypto/x509/v3_conf.c
index 47b626659c7..1f424325a08 100644
--- a/crypto/x509/v3_conf.c
+++ b/crypto/x509/v3_conf.c
@@ -305,7 +305,7 @@ static void delete_ext(STACK_OF(X509_EXTENSION) *sk, X509_EXTENSION *dext)
 
 /*
  * This is the main function: add a bunch of extensions based on a config
- * file section to an extension STACK.
+ * file section to an extension STACK. Just check in case sk == NULL.
  */
 
 int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, const char *section,
@@ -323,9 +323,9 @@ int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, const char *section,
         if ((ext = X509V3_EXT_nconf_int(conf, ctx, val->section,
                                         val->name, val->value)) == NULL)
             return 0;
-        if (ctx->flags == X509V3_CTX_REPLACE)
-            delete_ext(*sk, ext);
         if (sk != NULL) {
+            if (ctx->flags == X509V3_CTX_REPLACE)
+                delete_ext(*sk, ext);
             if (X509v3_add_ext(sk, ext, -1) == NULL) {
                 X509_EXTENSION_free(ext);
                 return 0;