From f681a5a63acd72d47e3469699cb30955a22010f0 Mon Sep 17 00:00:00 2001 From: inoguchi <> Date: Sat, 22 Jan 2022 00:31:23 +0000 Subject: X509_GET_PUBKEY(3) return value check in libcrypto ok beck@ tb@ --- src/lib/libcrypto/ct/ct_sct.c | 5 +++-- src/lib/libcrypto/ocsp/ocsp_lib.c | 6 ++++-- 2 files changed, 7 insertions(+), 4 deletions(-) (limited to 'src/lib') diff --git a/src/lib/libcrypto/ct/ct_sct.c b/src/lib/libcrypto/ct/ct_sct.c index 9ba7c4b5cb..a05b0f92a2 100644 --- a/src/lib/libcrypto/ct/ct_sct.c +++ b/src/lib/libcrypto/ct/ct_sct.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ct_sct.c,v 1.7 2021/12/18 16:34:52 tb Exp $ */ +/* $OpenBSD: ct_sct.c,v 1.8 2022/01/22 00:29:59 inoguchi Exp $ */ /* * Written by Rob Stradling (rob@comodo.com), Stephen Henson (steve@openssl.org) * and Adam Eijdenberg (adam.eijdenberg@gmail.com) for the OpenSSL project 2016. @@ -411,7 +411,8 @@ SCT_validate(SCT *sct, const CT_POLICY_EVAL_CTX *ctx) goto end; } - issuer_pkey = X509_get0_pubkey(ctx->issuer); + if ((issuer_pkey = X509_get0_pubkey(ctx->issuer)) == NULL) + goto err; if (X509_PUBKEY_set(&pub, issuer_pkey) != 1) goto err; diff --git a/src/lib/libcrypto/ocsp/ocsp_lib.c b/src/lib/libcrypto/ocsp/ocsp_lib.c index 8081a1ce85..09bccc0cfd 100644 --- a/src/lib/libcrypto/ocsp/ocsp_lib.c +++ b/src/lib/libcrypto/ocsp/ocsp_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ocsp_lib.c,v 1.24 2022/01/07 09:45:52 tb Exp $ */ +/* $OpenBSD: ocsp_lib.c,v 1.25 2022/01/22 00:31:23 inoguchi Exp $ */ /* Written by Tom Titchener for the OpenSSL * project. */ @@ -96,7 +96,9 @@ OCSP_cert_to_id(const EVP_MD *dgst, const X509 *subject, const X509 *issuer) iname = X509_get_subject_name(issuer); serial = NULL; } - ikey = X509_get0_pubkey_bitstr(issuer); + if ((ikey = X509_get0_pubkey_bitstr(issuer)) == NULL) + return NULL; + return OCSP_cert_id_new(dgst, iname, ikey, serial); } -- cgit v1.2.3-55-g6feb