From 27bf6a2f2cc0ffac7a65a7e91fde522780032876 Mon Sep 17 00:00:00 2001 From: Theo Buehler Date: Fri, 11 Feb 2022 17:39:37 +0000 Subject: Add missing error check for a2i_GENERAL_NAME() Fixes a segfault reported by Volker Schlecht. ok jsing --- lib/libcrypto/x509/x509_alt.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'lib/libcrypto') diff --git a/lib/libcrypto/x509/x509_alt.c b/lib/libcrypto/x509/x509_alt.c index 9dbca9d1e91..52d30f91e8b 100644 --- a/lib/libcrypto/x509/x509_alt.c +++ b/lib/libcrypto/x509/x509_alt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x509_alt.c,v 1.6 2022/02/11 17:37:54 tb Exp $ */ +/* $OpenBSD: x509_alt.c,v 1.7 2022/02/11 17:39:36 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project. */ @@ -649,6 +649,8 @@ v2i_GENERAL_NAME_ex(GENERAL_NAME *out, const X509V3_EXT_METHOD *method, } ret = a2i_GENERAL_NAME(out, method, ctx, type, value, is_nc); + if (ret == NULL) + return NULL; /* Validate what we have for sanity */ type = x509_constraints_general_to_bytes(ret, &bytes, &len); -- cgit v1.2.3