openssl/crypto/x509
Viktor Dukhovni 69664d6af0 Future proof build_chain() in x509_vfy.c
Coverity reports a potential NULL deref when "2 0 0" DANE trust-anchors
from DNS are configured via SSL_dane_tlsa_add() and X509_STORE_CTX_init()
is called with a NULL stack of untrusted certificates.

Since ssl_verify_cert_chain() always provides a non-NULL stack of
untrusted certs, and no other code path enables DANE, the problem
can only happen in applications that use SSL_CTX_set_cert_verify_callback()
to implement their own wrappers around X509_verify_cert() passing
only the leaf certificate to the latter.

Regardless of the "improbability" of the problem, we do need to
ensure that build_chain() handles this case correctly.

Reviewed-by: Matt Caswell <matt@openssl.org>
2016-04-27 14:42:38 -04:00
..
build.info move x_pubkey.c to crypto/x509 2016-03-22 15:28:11 +00:00
by_dir.c Remove use of the old CRYPTO_LOCK_X5O9_STORE 2016-03-09 12:41:39 +00:00
by_file.c Make many X509_xxx types opaque. 2016-04-15 13:21:43 -04:00
t_crl.c Remove /* foo.c */ comments 2016-01-26 16:40:43 -05:00
t_req.c Remove #error from include files. 2016-03-20 19:48:36 -04:00
t_x509.c Remove /* foo.c */ comments 2016-01-26 16:40:43 -05:00
x509_att.c Remove /* foo.c */ comments 2016-01-26 16:40:43 -05:00
x509_cmp.c Make X509_PUBKEY opaque 2016-03-22 15:28:11 +00:00
x509_d2.c Remove /* foo.c */ comments 2016-01-26 16:40:43 -05:00
x509_def.c Remove /* foo.c */ comments 2016-01-26 16:40:43 -05:00
x509_err.c Make many X509_xxx types opaque. 2016-04-15 13:21:43 -04:00
x509_ext.c Remove /* foo.c */ comments 2016-01-26 16:40:43 -05:00
x509_lcl.h Make many X509_xxx types opaque. 2016-04-15 13:21:43 -04:00
x509_lu.c GH975 Add ex_data functions for X509_STORE 2016-04-27 08:23:53 -04:00
x509_obj.c Remove /* foo.c */ comments 2016-01-26 16:40:43 -05:00
x509_r2x.c Use X509_REQ_get0_pubkey 2016-04-04 20:38:14 +02:00
x509_req.c Add X509_REQ_get0_pubkey method 2016-04-04 20:38:11 +02:00
x509_set.c Convert CRYPTO_LOCK_X509_* to new multi-threading API 2016-03-08 11:10:34 -05:00
x509_trs.c Compat self-signed trust with reject-only aux data 2016-01-31 21:24:12 -05:00
x509_txt.c Move peer chain security checks into x509_vfy.c 2016-04-03 11:35:35 -04:00
x509_v3.c Remove /* foo.c */ comments 2016-01-26 16:40:43 -05:00
x509_vfy.c Future proof build_chain() in x509_vfy.c 2016-04-27 14:42:38 -04:00
x509_vpm.c Move peer chain security checks into x509_vfy.c 2016-04-03 11:35:35 -04:00
x509cset.c Convert CRYPTO_LOCK_X509_* to new multi-threading API 2016-03-08 11:10:34 -05:00
x509name.c GH601: Various spelling fixes. 2016-02-05 15:25:50 -05:00
x509rset.c Remove /* foo.c */ comments 2016-01-26 16:40:43 -05:00
x509spki.c Remove /* foo.c */ comments 2016-01-26 16:40:43 -05:00
x509type.c Remove /* foo.c */ comments 2016-01-26 16:40:43 -05:00
x_all.c Fix no-ocsp 2016-04-06 14:57:45 +01:00
x_attrib.c Remove /* foo.c */ comments 2016-01-26 16:40:43 -05:00
x_crl.c Convert CRYPTO_LOCK_X509_* to new multi-threading API 2016-03-08 11:10:34 -05:00
x_exten.c Remove /* foo.c */ comments 2016-01-26 16:40:43 -05:00
x_name.c GH601: Various spelling fixes. 2016-02-05 15:25:50 -05:00
x_pubkey.c Fix X509_PUBKEY cached key handling. 2016-04-02 17:34:27 +01:00
x_req.c Convert CRYPTO_LOCK_X509_* to new multi-threading API 2016-03-08 11:10:34 -05:00
x_x509.c Ensure we check i2d_X509 return val 2016-04-26 14:29:54 +01:00
x_x509a.c Remove /* foo.c */ comments 2016-01-26 16:40:43 -05:00