authorclaudio <>2021-10-06 08:29:41 +0000
committerclaudio <>2021-10-06 08:29:41 +0000
commit2d090f15011c9243edd7e36c5047318af3813a4a (patch)
tree06ce7617c371f70b4aaefa603932ce5308161f64 /src
parent9ab56e0915b87487fccad821e2b50897e82c01f3 (diff)
X509_STORE_CTX_init() allows the store to be NULL on init. Add checks
for a NULL ctx->ctx in the lookup functions using X509_STORE_CTX. This affects X509_STORE_get1_certs(), X509_STORE_get1_crls(), X509_STORE_CTX_get1_issuer() and X509_STORE_get_by_subject(). With this X509_verify_cert() no longer crashes with a NULL store. With and OK tb@
Diffstat (limited to 'src')
-rw-r--r--src/lib/libcrypto/x509/x509_lu.c12
1 files changed, 11 insertions, 1 deletions
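--- a/src/lib/libcrypto/x509/x509_lu.c
+++ b/src/lib/libcrypto/x509/x509_lu.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_lu.c,v 1.30 2018/08/24 19:21:09 tb Exp $ */
+/* $OpenBSD: x509_lu.c,v 1.31 2021/10/06 08:29:41 claudio Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -312,6 +312,9 @@ X509_STORE_get_by_subject(X509_STORE_CTX *vs, int type, X509_NAME *name,
  X509_OBJECT stmp, *tmp;
  int i, j;
 
+ if (ctx == NULL)
+ return 0;
+
  CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
  tmp = X509_OBJECT_retrieve_by_subject(ctx->objs, type, name);
  CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
@@ -561,6 +564,8 @@ X509_STORE_get1_certs(X509_STORE_CTX *ctx, X509_NAME *nm)
  X509 *x;
  X509_OBJECT *obj;
 
+ if (ctx->ctx == NULL)
+ return NULL;
  sk = sk_X509_new_null();
  if (sk == NULL)
  return NULL;
@@ -610,6 +615,8 @@ X509_STORE_get1_crls(X509_STORE_CTX *ctx, X509_NAME *nm)
  X509_CRL *x;
  X509_OBJECT *obj, xobj;
 
+ if (ctx->ctx == NULL)
+ return NULL;
  sk = sk_X509_CRL_new_null();
  if (sk == NULL)
  return NULL;
@@ -718,6 +725,9 @@ X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x)
  }
  X509_OBJECT_free_contents(&obj);
 
+ if (ctx->ctx == NULL)
+ return 0;
+
  /* Else find index of first cert accepted by 'check_issued' */
  ret = 0;
  CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);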
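Review bot: None of the four added guards says why a NULL store is a legitimate state, and in X509_STORE_get_by_subject() the test reads `if (ctx == NULL)` while the other three read `if (ctx->ctx == NULL)`, so a reader has to find the local declaration (outside the hunk; the parameter in the hunk header is `vs`) to see that all four test the store. A one-line comment on each, such as `/* X509_STORE_CTX_init() accepts a NULL store; treat it as empty */`, would make the fail-closed intent explicit. In X509_STORE_CTX_get1_issuer() the guard sits after `X509_OBJECT_free_contents(&obj);` rather than at function entry, so it presumably relies on the earlier lookup already tolerating a NULL store; that code is outside the hunk and worth confirming. The NULL returns added to X509_STORE_get1_certs() and X509_STORE_get1_crls() are indistinguishable from the allocation-failure return directly below them, which is acceptable only if callers treat NULL as "no result".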