summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authordoug <>2015-07-20 21:52:07 +0000
committerdoug <>2015-07-20 21:52:07 +0000
commit2cf6f9b0b7588cae1dc7e8665914af01dbb60b01 (patch)
tree25126739a619e509907ec2e87867d8788517971a
parent4ab5d1a3a938b0f6aac4adfd45266ea9421ad4f5 (diff)
downloadopenbsd-2cf6f9b0b7588cae1dc7e8665914af01dbb60b01.tar.gz
openbsd-2cf6f9b0b7588cae1dc7e8665914af01dbb60b01.tar.bz2
openbsd-2cf6f9b0b7588cae1dc7e8665914af01dbb60b01.zip
Avoid NULL deref in openssl(1) s_cb.
Fixes Coverity issue 24956. ok bcook@
Diffstat
-rw-r--r--src/usr.bin/openssl/s_cb.c19
1 files changed, 14 insertions, 5 deletions
diff --git a/src/usr.bin/openssl/s_cb.c b/src/usr.bin/openssl/s_cb.c
index 7e89e52104..3bead8236a 100644
--- a/src/usr.bin/openssl/s_cb.c
+++ b/src/usr.bin/openssl/s_cb.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: s_cb.c,v 1.3 2015/02/08 10:22:45 doug Exp $ */ 1/* $OpenBSD: s_cb.c,v 1.4 2015/07/20 21:52:07 doug Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -166,20 +166,29 @@ verify_callback(int ok, X509_STORE_CTX * ctx)
166 switch (err) { 166 switch (err) {
167 case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: 167 case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
168 BIO_puts(bio_err, "issuer= "); 168 BIO_puts(bio_err, "issuer= ");
169 X509_NAME_print_ex(bio_err, X509_get_issuer_name(err_cert), 169 if (err_cert == NULL)
170 0, XN_FLAG_ONELINE); 170 BIO_puts(bio_err, "<error getting cert>");
171 else
172 X509_NAME_print_ex(bio_err,
173 X509_get_issuer_name(err_cert), 0, XN_FLAG_ONELINE);
171 BIO_puts(bio_err, "\n"); 174 BIO_puts(bio_err, "\n");
172 break; 175 break;
173 case X509_V_ERR_CERT_NOT_YET_VALID: 176 case X509_V_ERR_CERT_NOT_YET_VALID:
174 case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: 177 case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
175 BIO_printf(bio_err, "notBefore="); 178 BIO_printf(bio_err, "notBefore=");
176 ASN1_TIME_print(bio_err, X509_get_notBefore(err_cert)); 179 if (err_cert == NULL)
180 BIO_printf(bio_err, " <error getting cert>");
181 else
182 ASN1_TIME_print(bio_err, X509_get_notBefore(err_cert));
177 BIO_printf(bio_err, "\n"); 183 BIO_printf(bio_err, "\n");
178 break; 184 break;
179 case X509_V_ERR_CERT_HAS_EXPIRED: 185 case X509_V_ERR_CERT_HAS_EXPIRED:
180 case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: 186 case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
181 BIO_printf(bio_err, "notAfter="); 187 BIO_printf(bio_err, "notAfter=");
182 ASN1_TIME_print(bio_err, X509_get_notAfter(err_cert)); 188 if (err_cert == NULL)
189 BIO_printf(bio_err, " <error getting cert>");
190 else
191 ASN1_TIME_print(bio_err, X509_get_notAfter(err_cert));
183 BIO_printf(bio_err, "\n"); 192 BIO_printf(bio_err, "\n");
184 break; 193 break;
185 case X509_V_ERR_NO_EXPLICIT_POLICY: 194 case X509_V_ERR_NO_EXPLICIT_POLICY:
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-21 01:00:26 +0000