diff options
author | otherddn1978 <other_ddn@mail.ru> | 2024-12-26 11:26:34 +0100 |
---|---|---|
committer | Viktor Dukhovni <openssl-users@dukhovni.org> | 2025-01-20 08:22:48 +0100 |
commit | 3c7db9e0fdf4706d91cedf5fca70b609bdc1677e (patch) | |
tree | 4367209dd0241d3dc60fc1714b5204d65d8b7bd9 | |
parent | Fix documentation of OSSL_ASYM_CIPHER_PARAM_IMPLICIT_REJECTION (diff) | |
download | openssl-3c7db9e0fdf4706d91cedf5fca70b609bdc1677e.tar.xz openssl-3c7db9e0fdf4706d91cedf5fca70b609bdc1677e.zip |
If you call X509_add_cert with cert == NULL and the X509_ADD_FLAG_UP_REF
flag, it will сrash to X509_up_ref. Passing NULL here is not valid,
return 0 if cert == NULL.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Frederik Wedel-Heinen <fwh.openssl@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/26267)
-rw-r--r-- | crypto/x509/x509_cmp.c | 2 | ||||
-rw-r--r-- | doc/man3/X509_add_cert.pod | 1 |
2 files changed, 3 insertions, 0 deletions
diff --git a/crypto/x509/x509_cmp.c b/crypto/x509/x509_cmp.c index 7094280d48..84e270c725 100644 --- a/crypto/x509/x509_cmp.c +++ b/crypto/x509/x509_cmp.c @@ -196,6 +196,8 @@ int X509_add_cert(STACK_OF(X509) *sk, X509 *cert, int flags) ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER); return 0; } + if (cert == NULL) + return 0; if ((flags & X509_ADD_FLAG_NO_DUP) != 0) { /* * not using sk_X509_set_cmp_func() and sk_X509_find() diff --git a/doc/man3/X509_add_cert.pod b/doc/man3/X509_add_cert.pod index a4f3ea5032..2b38830eb1 100644 --- a/doc/man3/X509_add_cert.pod +++ b/doc/man3/X509_add_cert.pod @@ -16,6 +16,7 @@ X509 certificate list addition functions =head1 DESCRIPTION X509_add_cert() adds a certificate I<cert> to the given list I<sk>. +It is an error for the I<cert> argument to be NULL. X509_add_certs() adds a list of certificate I<certs> to the given list I<sk>. The I<certs> argument may be NULL, which implies no effect. |