SSL_check_chain fix

If SSL_check_chain is called with a NULL X509 object or a NULL EVP_PKEY or the type of the public key is unrecognised then the local variable |cpk| in tls1_check_chain does not get initialised. Subsequently an attempt is made to deref it (after the "end" label), and a seg fault will result. Reviewed-by: N Dr. Stephen Henson <steve@openssl.org>

SSL_check_chain fix
If SSL_check_chain is called with a NULL X509 object or a NULL EVP_PKEY or the type of the public key is unrecognised then the local variable |cpk| in tls1_check_chain does not get initialised. Subsequently an attempt is made to deref it (after the "end" label), and a seg fault will result. Reviewed-by: N Dr. Stephen Henson <steve@openssl.org>
d813f9eb · Matt Caswell · c5f2b533 · d813f9eb
隐藏空白更改
内联并排

Showing with 2 addition and 2 deletion

ssl/t1_lib.c ssl/t1_lib.c +2 -2

未找到文件。
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -3910,10 +3910,10 @@ int tls1_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain,
 # endif
    } else {
        if (!x || !pk)
-            goto end;
+            return 0;
        idx = ssl_cert_type(x, pk);
        if (idx == -1)
-            goto end;
+            return 0;
        cpk = c->pkeys + idx;
        if (c->cert_flags & SSL_CERT_FLAGS_CHECK_TLS_STRICT)
            check_flags = CERT_PKEY_STRICT_FLAGS;