From 16fac03de5678addc82bd224e2bc157fc1767254 Mon Sep 17 00:00:00 2001
From: otherddn1978 <other_ddn@mail.ru>
Date: Thu, 26 Dec 2024 13:26:34 +0300
Subject: [PATCH] =?utf8?q?If=20you=20call=20X509=5Fadd=5Fcert=20with=20cer?=
 =?utf8?q?t=20=3D=3D=20NULL=20and=20the=20X509=5FADD=5FFLAG=5FUP=5FREF=20f?=
 =?utf8?q?lag,=20it=20will=20=D1=81rash=20to=20X509=5Fup=5Fref.=20=20Passi?=
 =?utf8?q?ng=20NULL=20here=20is=20not=20valid,=20return=200=20if=20cert=20?=
 =?utf8?q?=3D=3D=20NULL.?=
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Frederik Wedel-Heinen <fwh.openssl@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/26267)

(cherry picked from commit 3c7db9e0fdf4706d91cedf5fca70b609bdc1677e)
---
 crypto/x509/x509_cmp.c     | 2 ++
 doc/man3/X509_add_cert.pod | 1 +
 2 files changed, 3 insertions(+)

diff --git a/crypto/x509/x509_cmp.c b/crypto/x509/x509_cmp.c
index 7094280d485..84e270c725f 100644
--- a/crypto/x509/x509_cmp.c
+++ b/crypto/x509/x509_cmp.c
@@ -196,6 +196,8 @@ int X509_add_cert(STACK_OF(X509) *sk, X509 *cert, int flags)
         ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER);
         return 0;
     }
+    if (cert == NULL)
+        return 0;
     if ((flags & X509_ADD_FLAG_NO_DUP) != 0) {
         /*
          * not using sk_X509_set_cmp_func() and sk_X509_find()
diff --git a/doc/man3/X509_add_cert.pod b/doc/man3/X509_add_cert.pod
index a4f3ea50324..2b38830eb17 100644
--- a/doc/man3/X509_add_cert.pod
+++ b/doc/man3/X509_add_cert.pod
@@ -16,6 +16,7 @@ X509 certificate list addition functions
 =head1 DESCRIPTION
 
 X509_add_cert() adds a certificate I<cert> to the given list I<sk>.
+It is an error for the I<cert> argument to be NULL.
 
 X509_add_certs() adds a list of certificate I<certs> to the given list I<sk>.
 The I<certs> argument may be NULL, which implies no effect.
-- 
2.47.2