summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorotherddn1978 <other_ddn@mail.ru>2024-12-26 11:26:34 +0100
committerViktor Dukhovni <openssl-users@dukhovni.org>2025-01-20 08:22:48 +0100
commit3c7db9e0fdf4706d91cedf5fca70b609bdc1677e (patch)
tree4367209dd0241d3dc60fc1714b5204d65d8b7bd9
parentFix documentation of OSSL_ASYM_CIPHER_PARAM_IMPLICIT_REJECTION (diff)
downloadopenssl-3c7db9e0fdf4706d91cedf5fca70b609bdc1677e.tar.xz
openssl-3c7db9e0fdf4706d91cedf5fca70b609bdc1677e.zip
If you call X509_add_cert with cert == NULL and the X509_ADD_FLAG_UP_REF
flag, it will сrash to X509_up_ref. Passing NULL here is not valid, return 0 if cert == NULL. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Frederik Wedel-Heinen <fwh.openssl@gmail.com> (Merged from https://github.com/openssl/openssl/pull/26267)
-rw-r--r--crypto/x509/x509_cmp.c2
-rw-r--r--doc/man3/X509_add_cert.pod1
2 files changed, 3 insertions, 0 deletions
diff --git a/crypto/x509/x509_cmp.c b/crypto/x509/x509_cmp.c
index 7094280d48..84e270c725 100644
--- a/crypto/x509/x509_cmp.c
+++ b/crypto/x509/x509_cmp.c
@@ -196,6 +196,8 @@ int X509_add_cert(STACK_OF(X509) *sk, X509 *cert, int flags)
ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
+ if (cert == NULL)
+ return 0;
if ((flags & X509_ADD_FLAG_NO_DUP) != 0) {
/*
* not using sk_X509_set_cmp_func() and sk_X509_find()
diff --git a/doc/man3/X509_add_cert.pod b/doc/man3/X509_add_cert.pod
index a4f3ea5032..2b38830eb1 100644
--- a/doc/man3/X509_add_cert.pod
+++ b/doc/man3/X509_add_cert.pod
@@ -16,6 +16,7 @@ X509 certificate list addition functions
=head1 DESCRIPTION
X509_add_cert() adds a certificate I<cert> to the given list I<sk>.
+It is an error for the I<cert> argument to be NULL.
X509_add_certs() adds a list of certificate I<certs> to the given list I<sk>.
The I<certs> argument may be NULL, which implies no effect.