Future proof build_chain() in x509_vfy.c
author Viktor Dukhovni <openssl-users@dukhovni.org>
Tue, 26 Apr 2016 18:17:57 +0000 (14:17 -0400)
committer Viktor Dukhovni <openssl-users@dukhovni.org>
Wed, 27 Apr 2016 18:42:38 +0000 (14:42 -0400)
commit 69664d6af0cdd7738f55d10fbbe46cdf15f72e0e
tree fda55c65815fb5b568812d84059eefe1b18bed18
parent 4c5e6b2cb95a4332829af140e5edba965c9685ce
Future proof build_chain() in x509_vfy.c

Coverity reports a potential NULL deref when "2 0 0" DANE trust-anchors
from DNS are configured via SSL_dane_tlsa_add() and X509_STORE_CTX_init()
is called with a NULL stack of untrusted certificates.

Since ssl_verify_cert_chain() always provides a non-NULL stack of
untrusted certs, and no other code path enables DANE, the problem
can only happen in applications that use SSL_CTX_set_cert_verify_callback()
to implement their own wrappers around X509_verify_cert() passing
only the leaf certificate to the latter.

Regardless of the "improbability" of the problem, we do need to
ensure that build_chain() handles this case correctly.

Reviewed-by: Matt Caswell <matt@openssl.org>
crypto/x509/x509_vfy.c