Commit d813f9eb authored Mar 11, 2015 by Matt Caswell

SSL_check_chain fix



If SSL_check_chain is called with a NULL X509 object or a NULL EVP_PKEY
or the type of the public key is unrecognised then the local variable
|cpk| in tls1_check_chain does not get initialised. Subsequently an
attempt is made to deref it (after the "end" label), and a seg fault will
result.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>

parent c5f2b533

ssl/t1_lib.c

+2 −2

Original line number	Diff line number	Diff line
		@@ -3910,10 +3910,10 @@ int tls1_check_chain(SSL s, X509 x, EVP_PKEY pk, STACK_OF(X509) chain,
		# endif
		} else {
		if (!x \|\| !pk)
		goto end;
		return 0;
		idx = ssl_cert_type(x, pk);
		if (idx == -1)
		goto end;
		return 0;
		cpk = c->pkeys + idx;
		if (c->cert_flags & SSL_CERT_FLAGS_CHECK_TLS_STRICT)
		check_flags = CERT_PKEY_STRICT_FLAGS;