dane: Added sanity check in dane_verify_crt_raw()

That allows calling the function will an empty chain.
Reported by Simon Arlott.

diff --git a/libdane/dane.c b/libdane/dane.c
index 50e6dd03eba1b8c49306b7c69b27abb359bf79c6..88a0b8b4a97bded1398fcd9582d880940bec4f9c 100644 (file)
--- a/libdane/dane.c
+++ b/libdane/dane.c
@@ -646,6 +646,9 @@ dane_verify_crt_raw(dane_state_t s,
        if (chain_type != GNUTLS_CRT_X509)
                return gnutls_assert_val(DANE_E_INVALID_REQUEST);
 
+       if (chain_size == 0)
+               return gnutls_assert_val(DANE_E_NO_CERT);
+
        *verify = 0;
        idx = 0;
        do {