[openssl-commits] [openssl] master update

matthias.st.pierre at ncp-e.com matthias.st.pierre at ncp-e.com
Wed Oct 17 10:03:31 UTC 2018


The branch master has been updated
       via  aeec793b4bee929cef8ae35ec4b5a783a6e1d7ed (commit)
      from  92ebf6c4c21ff4b41ba1fd69af74b2039e138114 (commit)


- Log -----------------------------------------------------------------
commit aeec793b4bee929cef8ae35ec4b5a783a6e1d7ed
Author: Dr. Matthias St. Pierre <Matthias.St.Pierre at ncp-e.com>
Date:   Tue Oct 16 23:50:16 2018 +0200

    Fix: 'openssl ca' command crashes when used with 'rand_serial' option
    
    Commit ffb46830e2df introduced the 'rand_serial' option. When it is used,
    the 'serialfile' does not get initialized, i.e. it remains a NULL pointer.
    This causes a crash when the NULL pointer is passed to the rotate_serial()
    call.
    
    This commit fixes the crash and unifies the pointer checking before
    calling the rotate_serial() and save_serial() commands.
    
    Fixes #7412
    
    Reviewed-by: Matt Caswell <matt at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/7417)

-----------------------------------------------------------------------

Summary of changes:
 apps/ca.c | 19 ++++++++++---------
 1 file changed, 10 insertions(+), 9 deletions(-)

diff --git a/apps/ca.c b/apps/ca.c
index 847809a..69207c0 100644
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -976,7 +976,7 @@ end_of_options:
             BIO_printf(bio_err, "Write out database with %d new entries\n",
                        sk_X509_num(cert_sk));
 
-            if (!rand_ser
+            if (serialfile != NULL
                     && !save_serial(serialfile, "new", serial, NULL))
                 goto end;
 
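Review bot: The new `serialfile != NULL` guard on the save_serial() call relies on serialfile staying NULL whenever 'rand_serial' is in use, and nothing at this line says so. A one-line comment stating that a NULL serialfile means no serial file is being maintained would protect the invariant. Without it, a later change that assigns serialfile in that mode would silently turn the write back on.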
@@ -1044,7 +1044,8 @@ end_of_options:
 
         if (sk_X509_num(cert_sk)) {
             /* Rename the database and the serial file */
-            if (!rotate_serial(serialfile, "new", "old"))
+            if (serialfile != NULL
+                    && !rotate_serial(serialfile, "new", "old"))
                 goto end;
 
             if (!rotate_index(dbfile, "new", "old"))
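Review bot: No regression test accompanies the guarded rotate_serial() call; the summary lists apps/ca.c as the only file changed. The commit message says the crash occurs when 'openssl ca' is used with 'rand_serial', so a test that issues one certificate with that option set would pin this path. The context comment "Rename the database and the serial file" could also note that the serial file is renamed only when one is configured.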
@@ -1177,10 +1178,9 @@ end_of_options:
         }
 
         /* we have a CRL number that need updating */
-        if (crlnumberfile != NULL)
-            if (!rand_ser
-                    && !save_serial(crlnumberfile, "new", crlnumber, NULL))
-                goto end;
+        if (crlnumberfile != NULL
+                && !save_serial(crlnumberfile, "new", crlnumber, NULL))
+            goto end;
 
         BN_free(crlnumber);
         crlnumber = NULL;
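Review bot: In the crlnumber save condition, the removed `!rand_ser` term (truncated as shown) is dropped rather than replaced, so save_serial() now runs whenever crlnumberfile is non-NULL. That is a behaviour change beyond the crash fix and pointer-check unification the commit message describes. If it is intended, state it in the commit message so the change to CRL number handling is not read as a pure refactor.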
@@ -1195,9 +1195,10 @@ end_of_options:
 
         PEM_write_bio_X509_CRL(Sout, crl);
 
-        if (crlnumberfile != NULL) /* Rename the crlnumber file */
-            if (!rotate_serial(crlnumberfile, "new", "old"))
-                goto end;
+        /* Rename the crlnumber file */
+        if (crlnumberfile != NULL
+                && !rotate_serial(crlnumberfile, "new", "old"))
+            goto end;
 
     }
     /*****************************************************************/

