[openssl] OpenSSL_1_1_0-stable update

Dr. Paul Dale pauli at openssl.org
Mon Jul 8 23:45:43 UTC 2019


The branch OpenSSL_1_1_0-stable has been updated
       via  04151456b9d896a7825a5ac77c0310c97fa5f650 (commit)
      from  d9b6a51e926bfd1f86eac9de5dcbc28541fcf99f (commit)


- Log -----------------------------------------------------------------
commit 04151456b9d896a7825a5ac77c0310c97fa5f650
Author: Pauli <paul.dale at oracle.com>
Date:   Mon Jul 8 13:39:20 2019 +1000

    Avoid NULL pointer dereference.
    
    [manual merge from #9059 to 1.1.0]
    
    Fixes: #9043
    
    Reviewed-by: Dmitry Belyavskiy <beldmit at gmail.com>
    (Merged from https://github.com/openssl/openssl/pull/9322)

-----------------------------------------------------------------------

Summary of changes:
 apps/req.c             | 14 ++++++++++++--
 crypto/x509/t_req.c    |  4 ++++
 crypto/x509/x509_err.c |  3 ++-
 include/openssl/x509.h |  1 +
 4 files changed, 19 insertions(+), 3 deletions(-)

diff --git a/apps/req.c b/apps/req.c
index a20e7c1..863c287 100644
--- a/apps/req.c
+++ b/apps/req.c
@@ -743,9 +743,19 @@ int req_main(int argc, char **argv)
 
     if (text) {
         if (x509)
-            X509_print_ex(out, x509ss, nmflag, reqflag);
+            ret = X509_print_ex(out, x509ss, nmflag, reqflag);
         else
-            X509_REQ_print_ex(out, req, nmflag, reqflag);
+            ret = X509_REQ_print_ex(out, req, nmflag, reqflag);
+
+        if (ret == 0) {
+            if (x509)
+                BIO_printf(bio_err, "Error printing certificate\n");
+            else
+                BIO_printf(bio_err, "Error printing certificate request\n");
+
+            ERR_print_errors(bio_err);
+            goto end;
+        }
     }
 
     if (subject) {
diff --git a/crypto/x509/t_req.c b/crypto/x509/t_req.c
index 77ce810..3207dfa 100644
--- a/crypto/x509/t_req.c
+++ b/crypto/x509/t_req.c
@@ -125,6 +125,10 @@ int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflags,
                 if ((j = i2a_ASN1_OBJECT(bp, aobj)) > 0) {
                     ii = 0;
                     count = X509_ATTRIBUTE_count(a);
+                    if (count == 0) {
+                        X509err(X509_F_X509_REQ_PRINT_EX, X509_R_INVALID_ATTRIBUTES);
+                        return 0;
+                    }
  get_next:
                     at = X509_ATTRIBUTE_get0_type(a, ii);
                     type = at->type;
diff --git a/crypto/x509/x509_err.c b/crypto/x509/x509_err.c
index 9f91188..e1a3364 100644
--- a/crypto/x509/x509_err.c
+++ b/crypto/x509/x509_err.c
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -97,6 +97,7 @@ static ERR_STRING_DATA X509_str_reasons[] = {
     {ERR_REASON(X509_R_CRL_ALREADY_DELTA), "crl already delta"},
     {ERR_REASON(X509_R_CRL_VERIFY_FAILURE), "crl verify failure"},
     {ERR_REASON(X509_R_IDP_MISMATCH), "idp mismatch"},
+    {ERR_REASON(X509_R_INVALID_ATTRIBUTES), "invalid attributes"},
     {ERR_REASON(X509_R_INVALID_DIRECTORY), "invalid directory"},
     {ERR_REASON(X509_R_INVALID_FIELD_NAME), "invalid field name"},
     {ERR_REASON(X509_R_INVALID_TRUST), "invalid trust"},
diff --git a/include/openssl/x509.h b/include/openssl/x509.h
index 780386d..75b39d1 100644
--- a/include/openssl/x509.h
+++ b/include/openssl/x509.h
@@ -1092,6 +1092,7 @@ int ERR_load_X509_strings(void);
 # define X509_R_CRL_ALREADY_DELTA                         127
 # define X509_R_CRL_VERIFY_FAILURE                        131
 # define X509_R_IDP_MISMATCH                              128
+# define X509_R_INVALID_ATTRIBUTES                        135
 # define X509_R_INVALID_DIRECTORY                         113
 # define X509_R_INVALID_FIELD_NAME                        119
 # define X509_R_INVALID_TRUST                             123


More information about the openssl-commits mailing list