SSL_check_chain fix

If SSL_check_chain is called with a NULL X509 object or a NULL EVP_PKEY
or the type of the public key is unrecognised then the local variable
|cpk| in tls1_check_chain does not get initialised. Subsequently an
attempt is made to deref it (after the "end" label), and a seg fault will
result.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
(cherry picked from commit d813f9eb38)
Matt Caswell 2015-03-11 17:01:38 +00:00
parent 8e91b3d991
commit 327de270d5

@ -4126,10 +4126,10 @@ int tls1_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain,
# endif # endif
} else { } else {
if (!x || !pk) if (!x || !pk)
goto end; return 0;
idx = ssl_cert_type(x, pk); idx = ssl_cert_type(x, pk);
if (idx == -1) if (idx == -1)
goto end; return 0;
cpk = c->pkeys + idx; cpk = c->pkeys + idx;
if (c->cert_flags & SSL_CERT_FLAGS_CHECK_TLS_STRICT) if (c->cert_flags & SSL_CERT_FLAGS_CHECK_TLS_STRICT)
check_flags = CERT_PKEY_STRICT_FLAGS; check_flags = CERT_PKEY_STRICT_FLAGS;
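
Review bot: The two new `return 0;` exits under `if (!x || !pk)` and `if (idx == -1)` avoid the uninitialised |cpk| only by bypassing the "end" label, so the same crash comes back if a later change adds another `goto end` ahead of `cpk = c->pkeys + idx;`. Consider also giving |cpk| a NULL initial value and guarding the dereference after "end", and add a short comment on these two returns saying why they must not jump to "end". Please also confirm that nothing done earlier in the function relies on the code after "end" running for these paths, and add a regression test that calls SSL_check_chain with a NULL X509, a NULL EVP_PKEY and an unrecognised key type and expects 0.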