wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

SSL_check_chain fix

Browse source 
If SSL_check_chain is called with a NULL X509 object or a NULL EVP_PKEY
or the type of the public key is unrecognised then the local variable
|cpk| in tls1_check_chain does not get initialised. Subsequently an
attempt is made to deref it (after the "end" label), and a seg fault will
result.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
This commit is contained in:
Matt Caswell 2015-03-11 17:01:38 +00:00
parent c5f2b5336a
commit d813f9eb38
1 changed files with 2 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
ssl/t1_lib.c
View file

@ -3910,10 +3910,10 @@ int tls1_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain,
# endif
} else {
if (!x || !pk)
goto end;
return 0;
idx = ssl_cert_type(x, pk);
if (idx == -1)
goto end;
return 0;
cpk = c->pkeys + idx;
if (c->cert_flags & SSL_CERT_FLAGS_CHECK_TLS_STRICT)
check_flags = CERT_PKEY_STRICT_FLAGS;