[openssl-commits] [openssl] master update
Matt Caswell
matt at openssl.org
Mon Jan 22 10:18:23 UTC 2018
The branch master has been updated
via 1e05c6d07ff963107286d028f6778d2ccc863a9a (commit)
via e505f1e86874acfd98826d64c53bf2ddfd9c1399 (commit)
from 154d8c132fbe22a248f95e95ef21f1840451da62 (commit)
- Log -----------------------------------------------------------------
commit 1e05c6d07ff963107286d028f6778d2ccc863a9a
Author: Matt Caswell <matt at openssl.org>
Date: Fri Jan 19 14:48:45 2018 +0000
Don't crash on a missing Subject in index.txt
An index.txt entry which has an empty Subject name field will cause ca
to crash. Therefore check it when we load it to make sure it's not empty.
Fixes #5109
Reviewed-by: Rich Salz <rsalz at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5114)
commit e505f1e86874acfd98826d64c53bf2ddfd9c1399
Author: Matt Caswell <matt at openssl.org>
Date: Fri Jan 19 14:34:56 2018 +0000
Don't allow an empty Subject when creating a Certificate
Misconfiguration (e.g. an empty policy section in the config file) can
lead to an empty Subject. Since certificates should have unique Subjects
this should not be allowed.
Reviewed-by: Rich Salz <rsalz at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5114)
-----------------------------------------------------------------------
Summary of changes:
apps/ca.c | 14 ++++++++++++++
1 file changed, 14 insertions(+)
diff --git a/apps/ca.c b/apps/ca.c
index ea2750a..9b1d9bd 100644
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -663,6 +663,10 @@ end_of_options:
goto end;
}
}
+ if (pp[DB_name][0] == '\0') {
+ BIO_printf(bio_err, "entry %d: bad Subject\n", i + 1);
+ goto end;
+ }
}
if (verbose) {
TXT_DB_write(bio_out, db->db);
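Review bot: the message "entry %d: bad Subject" in the new check does not say what is wrong with the field, while the condition only tests for an empty string (pp[DB_name][0] == '\0'). Wording it as "entry %d: empty Subject" would match the condition and the "Subject is empty" messages added in do_body. The test also dereferences pp[DB_name] directly, so it relies on the loader never leaving that field NULL; that is worth confirming, or a NULL test could be added alongside it.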
@@ -1403,6 +1407,10 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
BIO_printf(bio_err, "The Subject's Distinguished Name is as follows\n");
name = X509_REQ_get_subject_name(req);
+ if (X509_NAME_entry_count(name) == 0) {
+ BIO_printf(bio_err, "Error: The supplied Subject is empty\n");
+ goto end;
+ }
for (i = 0; i < X509_NAME_entry_count(name); i++) {
ne = X509_NAME_get_entry(name, i);
str = X509_NAME_ENTRY_get_data(ne);
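Review bot: the empty-Subject check sits after the BIO_printf that prints "The Subject's Distinguished Name is as follows", so on failure the user sees that heading immediately followed by the error. Fetching name and testing X509_NAME_entry_count(name) == 0 before the heading is printed would give cleaner output and keep the error next to its cause.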
@@ -1565,6 +1573,12 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
goto end;
}
+ if (X509_NAME_entry_count(subject) == 0) {
+ BIO_printf(bio_err,
+ "Error: After applying policy the Subject is empty\n");
+ goto end;
+ }
+
if (verbose)
BIO_printf(bio_err,
"The subject name appears to be ok, checking data base for clashes\n");
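Review bot: the check after policy processing rejects every empty Subject unconditionally, and the diffstat shows only apps/ca.c changed, so this new failure mode arrives without documentation or a test. The message could also point at the likely cause named in the commit message, for example "Error: After applying policy the Subject is empty (check the policy section)", so an operator knows where to look.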