From 557a46ad4a6c1681d535c9869fd4bd95df7e07e7 Mon Sep 17 00:00:00 2001
From: jsg <>
Date: Thu, 12 Feb 2015 06:04:24 +0000
Subject: prevent a crash with openssl asn1parse -genstr FORMAT aka
 ASN1_generate_nconf("FORMAT", NULL)

ok krw@ beck@ jsing@
---
 src/lib/libcrypto/asn1/asn1_gen.c         | 6 +++++-
 src/lib/libssl/src/crypto/asn1/asn1_gen.c | 6 +++++-
 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/src/lib/libcrypto/asn1/asn1_gen.c b/src/lib/libcrypto/asn1/asn1_gen.c
index 97be43a03a..384088308f 100644
--- a/src/lib/libcrypto/asn1/asn1_gen.c
+++ b/src/lib/libcrypto/asn1/asn1_gen.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: asn1_gen.c,v 1.12 2014/07/11 08:44:47 jsing Exp $ */
+/* $OpenBSD: asn1_gen.c,v 1.13 2015/02/12 06:04:24 jsg Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2002.
  */
@@ -348,6 +348,10 @@ asn1_cb(const char *elem, int len, void *bitstr)
 		break;
 
 	case ASN1_GEN_FLAG_FORMAT:
+		if (vstart == NULL) {
+			ASN1err(ASN1_F_ASN1_CB, ASN1_R_ILLEGAL_FORMAT);
+			return -1;
+		}
 		if (!strncmp(vstart, "ASCII", 5))
 			arg->format = ASN1_GEN_FORMAT_ASCII;
 		else if (!strncmp(vstart, "UTF8", 4))
diff --git a/src/lib/libssl/src/crypto/asn1/asn1_gen.c b/src/lib/libssl/src/crypto/asn1/asn1_gen.c
index 97be43a03a..384088308f 100644
--- a/src/lib/libssl/src/crypto/asn1/asn1_gen.c
+++ b/src/lib/libssl/src/crypto/asn1/asn1_gen.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: asn1_gen.c,v 1.12 2014/07/11 08:44:47 jsing Exp $ */
+/* $OpenBSD: asn1_gen.c,v 1.13 2015/02/12 06:04:24 jsg Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2002.
  */
@@ -348,6 +348,10 @@ asn1_cb(const char *elem, int len, void *bitstr)
 		break;
 
 	case ASN1_GEN_FLAG_FORMAT:
+		if (vstart == NULL) {
+			ASN1err(ASN1_F_ASN1_CB, ASN1_R_ILLEGAL_FORMAT);
+			return -1;
+		}
 		if (!strncmp(vstart, "ASCII", 5))
 			arg->format = ASN1_GEN_FORMAT_ASCII;
 		else if (!strncmp(vstart, "UTF8", 4))
-- 
cgit v1.2.3-55-g6feb