Bug fix in ossl_cmp_certRep_new(): must allocate empty extraCerts stack
authorDr. David von Oheimb <David.von.Oheimb@siemens.com>
Fri, 29 May 2020 15:10:48 +0000 (17:10 +0200)
committerDr. David von Oheimb <David.von.Oheimb@siemens.com>
Sat, 13 Jun 2020 13:13:21 +0000 (15:13 +0200)
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11998)

crypto/cmp/cmp_msg.c

index bbce90c3261f8d0e234505a9709b18a378e03598..9735a1c0b7d2c1e033cbe78d32ecace3b30eb9ab 100644 (file)
@@ -23,6 +23,7 @@
 DEFINE_STACK_OF(OSSL_CMP_CERTSTATUS)
 DEFINE_STACK_OF(OSSL_CMP_ITAV)
 DEFINE_STACK_OF(GENERAL_NAME)
+DEFINE_STACK_OF(X509)
 DEFINE_STACK_OF(X509_EXTENSION)
 DEFINE_STACK_OF(OSSL_CMP_PKISI)
 DEFINE_STACK_OF(OSSL_CRMF_MSG)
@@ -426,9 +427,12 @@ OSSL_CMP_MSG *ossl_cmp_certRep_new(OSSL_CMP_CTX *ctx, int bodytype,
     if (bodytype == OSSL_CMP_PKIBODY_IP && caPubs != NULL
             && (repMsg->caPubs = X509_chain_up_ref(caPubs)) == NULL)
         goto err;
-    if (chain != NULL
-            && !ossl_cmp_sk_X509_add1_certs(msg->extraCerts, chain, 0, 1, 0))
+    if (sk_X509_num(chain) > 0) {
+        msg->extraCerts = sk_X509_new_reserve(NULL, sk_X509_num(chain));
+        if (msg->extraCerts == NULL
+            || !ossl_cmp_sk_X509_add1_certs(msg->extraCerts, chain, 0, 1, 0))
         goto err;
+    }
 
     if (!unprotectedErrors
             || ossl_cmp_pkisi_get_status(si) != OSSL_CMP_PKISTATUS_rejection)
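Review bot: The `goto err;` after the new inner `if` is still at the outer indentation, although it now belongs to the nested `msg->extraCerts == NULL || ...` test inside the braces opened by `if (sk_X509_num(chain) > 0) {`. At a glance it reads as an unconditional jump on an error-handling path, so indent it one level deeper. The change from `chain != NULL` to `sk_X509_num(chain) > 0` relies on sk_X509_num() returning -1 for a NULL stack, which deserves a short comment such as `/* sk_X509_num() is -1 for NULL, so a missing or empty chain is skipped */`. The body of ossl_cmp_certRep_new() begins and ends outside the hunk, so the cleanup at `err` is not visible. Presumably it frees `msg` together with a partially filled `extraCerts`, which is worth confirming.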