projects / platform / upstream / openssl.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: c1c0f06)
RT2560: missing NULL check in ocsp_req_find_signer
authorRich Salz <rsalz@openssl.org>
Wed, 10 Sep 2014 15:43:45 +0000 (11:43 -0400)
committerJanusz Kozerski <j.kozerski@samsung.com>
Mon, 20 Oct 2014 13:26:05 +0000 (15:26 +0200)
If we don't find a signer in the internal list, then fall
through and look at the internal list; don't just return NULL.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
(cherry picked from commit b2aa38a980e9fbf158aafe487fb729c492b241fb)

crypto/ocsp/ocsp_vfy.c patch | blob | history

diff --git a/crypto/ocsp/ocsp_vfy.c b/crypto/ocsp/ocsp_vfy.c
index 2767183..fc0d4cc 100644 (file)
--- a/crypto/ocsp/ocsp_vfy.c
+++ b/crypto/ocsp/ocsp_vfy.c
@@ -436,8 +436,11 @@ static int ocsp_req_find_signer(X509 **psigner, OCSP_REQUEST *req, X509_NAME *nm
        if(!(flags & OCSP_NOINTERN))
                {
                signer = X509_find_by_subject(req->optionalSignature->certs, nm);
-               *psigner = signer;
-               return 1;
+               if (signer)
+                       {
+                       *psigner = signer;
+                       return 1;
+                       }
                }
 
        signer = X509_find_by_subject(certs, nm);
Domain: Security / Utilities;