RT2560: missing NULL check in ocsp_req_find_signer
authorRich Salz <rsalz@openssl.org>
Wed, 10 Sep 2014 15:43:45 +0000 (11:43 -0400)
committerRich Salz <rsalz@openssl.org>
Wed, 10 Sep 2014 16:20:15 +0000 (12:20 -0400)
If we don't find a signer in the internal list, then fall
through and look at the internal list; don't just return NULL.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
(cherry picked from commit b2aa38a980e9fbf158aafe487fb729c492b241fb)

crypto/ocsp/ocsp_vfy.c

index 276718304dd211d4be989fb750d8c95ff792feff..fc0d4cc0f5f785f688a1242ab12c9202532d298b 100644 (file)
@@ -436,8 +436,11 @@ static int ocsp_req_find_signer(X509 **psigner, OCSP_REQUEST *req, X509_NAME *nm
        if(!(flags & OCSP_NOINTERN))
                {
                signer = X509_find_by_subject(req->optionalSignature->certs, nm);
-               *psigner = signer;
-               return 1;
+               if (signer)
+                       {
+                       *psigner = signer;
+                       return 1;
+                       }
                }
 
        signer = X509_find_by_subject(certs, nm);