[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

Matt Caswell matt at openssl.org
Thu Apr 19 08:03:33 UTC 2018 

The branch OpenSSL_1_0_2-stable has been updated
       via  5e80a5da0320b90c6af29195e168ec6e22de2caf (commit)
      from  c6c7bb010770cbf7d818d0ef8f5628decaa7e037 (commit)


- Log -----------------------------------------------------------------
commit 5e80a5da0320b90c6af29195e168ec6e22de2caf
Author: Matt Caswell <matt at openssl.org>
Date:   Wed Apr 18 14:20:29 2018 +0100

    Don't crash if there are no trusted certs
    
    The X509_STORE_CTX_init() docs explicitly allow a NULL parameter for the
    X509_STORE. Therefore we shouldn't crash if we subsequently call
    X509_verify_cert() and no X509_STORE has been set.
    
    Fixes #2462
    
    Reviewed-by: Richard Levitte <levitte at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/6003)

-----------------------------------------------------------------------

Summary of changes:
 crypto/x509/x509_lu.c | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/crypto/x509/x509_lu.c b/crypto/x509/x509_lu.c
index b742480..3d18ea9 100644
--- a/crypto/x509/x509_lu.c
+++ b/crypto/x509/x509_lu.c
@@ -311,7 +311,11 @@ int X509_STORE_get_by_subject(X509_STORE_CTX *vs, int type, X509_NAME *name,
     X509_OBJECT stmp, *tmp;
     int i, j;
 
+    if (ctx == NULL)
+        return 0;
+
     CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
+
     tmp = X509_OBJECT_retrieve_by_subject(ctx->objs, type, name);
     CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
 
@@ -506,6 +510,10 @@ STACK_OF(X509) *X509_STORE_get1_certs(X509_STORE_CTX *ctx, X509_NAME *nm)
     STACK_OF(X509) *sk;
     X509 *x;
     X509_OBJECT *obj;
+
+    if (ctx->ctx == NULL)
+        return NULL;
+
     sk = sk_X509_new_null();
     CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
     idx = x509_object_idx_cnt(ctx->ctx->objs, X509_LU_X509, nm, &cnt);
@@ -551,6 +559,11 @@ STACK_OF(X509_CRL) *X509_STORE_get1_crls(X509_STORE_CTX *ctx, X509_NAME *nm)
     STACK_OF(X509_CRL) *sk;
     X509_CRL *x;
     X509_OBJECT *obj, xobj;
+
+
+    if (ctx->ctx == NULL)
+        return NULL;
+
     sk = sk_X509_CRL_new_null();
     CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
 
@@ -651,6 +664,9 @@ int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x)
     }
     X509_OBJECT_free_contents(&obj);
 
+    if (ctx->ctx == NULL)
+        return 0;
+
     /* Else find index of first cert accepted by 'check_issued' */
     ret = 0;
     CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);

More information about the openssl-commits mailing list