The branch OpenSSL_1_1_0-stable has been updated
via 04151456b9d896a7825a5ac77c0310c97fa5f650 (commit)
from d9b6a51e926bfd1f86eac9de5dcbc28541fcf99f (commit)
- Log -----------------------------------------------------------------
commit 04151456b9d896a7825a5ac77c0310c97fa5f650
Author: Pauli <paul.d...@oracle.com>
Date: Mon Jul 8 13:39:20 2019 +1000
Avoid NULL pointer dereference.
[manual merge from #9059 to 1.1.0]
Fixes: #9043
Reviewed-by: Dmitry Belyavskiy <beld...@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/9322)
-----------------------------------------------------------------------
Summary of changes:
apps/req.c | 14 ++++++++++++--
crypto/x509/t_req.c | 4 ++++
crypto/x509/x509_err.c | 3 ++-
include/openssl/x509.h | 1 +
4 files changed, 19 insertions(+), 3 deletions(-)
diff --git a/apps/req.c b/apps/req.c
index a20e7c1..863c287 100644
--- a/apps/req.c
+++ b/apps/req.c
@@ -743,9 +743,19 @@ int req_main(int argc, char **argv)
if (text) {
if (x509)
- X509_print_ex(out, x509ss, nmflag, reqflag);
+ ret = X509_print_ex(out, x509ss, nmflag, reqflag);
else
- X509_REQ_print_ex(out, req, nmflag, reqflag);
+ ret = X509_REQ_print_ex(out, req, nmflag, reqflag);
+
+ if (ret == 0) {
+ if (x509)
+ BIO_printf(bio_err, "Error printing certificate\n");
+ else
+ BIO_printf(bio_err, "Error printing certificate request\n");
+
+ ERR_print_errors(bio_err);
+ goto end;
+ }
}
if (subject) {
diff --git a/crypto/x509/t_req.c b/crypto/x509/t_req.c
index 77ce810..3207dfa 100644
--- a/crypto/x509/t_req.c
+++ b/crypto/x509/t_req.c
@@ -125,6 +125,10 @@ int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long
nmflags,
if ((j = i2a_ASN1_OBJECT(bp, aobj)) > 0) {
ii = 0;
count = X509_ATTRIBUTE_count(a);
+ if (count == 0) {
+ X509err(X509_F_X509_REQ_PRINT_EX,
X509_R_INVALID_ATTRIBUTES);
+ return 0;
+ }
get_next:
at = X509_ATTRIBUTE_get0_type(a, ii);
type = at->type;
diff --git a/crypto/x509/x509_err.c b/crypto/x509/x509_err.c
index 9f91188..e1a3364 100644
--- a/crypto/x509/x509_err.c
+++ b/crypto/x509/x509_err.c
@@ -1,6 +1,6 @@
/*
* Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -97,6 +97,7 @@ static ERR_STRING_DATA X509_str_reasons[] = {
{ERR_REASON(X509_R_CRL_ALREADY_DELTA), "crl already delta"},
{ERR_REASON(X509_R_CRL_VERIFY_FAILURE), "crl verify failure"},
{ERR_REASON(X509_R_IDP_MISMATCH), "idp mismatch"},
+ {ERR_REASON(X509_R_INVALID_ATTRIBUTES), "invalid attributes"},
{ERR_REASON(X509_R_INVALID_DIRECTORY), "invalid directory"},
{ERR_REASON(X509_R_INVALID_FIELD_NAME), "invalid field name"},
{ERR_REASON(X509_R_INVALID_TRUST), "invalid trust"},
diff --git a/include/openssl/x509.h b/include/openssl/x509.h
index 780386d..75b39d1 100644
--- a/include/openssl/x509.h
+++ b/include/openssl/x509.h
@@ -1092,6 +1092,7 @@ int ERR_load_X509_strings(void);
# define X509_R_CRL_ALREADY_DELTA 127
# define X509_R_CRL_VERIFY_FAILURE 131
# define X509_R_IDP_MISMATCH 128
+# define X509_R_INVALID_ATTRIBUTES 135
# define X509_R_INVALID_DIRECTORY 113
# define X509_R_INVALID_FIELD_NAME 119
# define X509_R_INVALID_TRUST 123
