From: Matt Caswell <matt@openssl.org>
Date: Mon, 8 Apr 2019 10:22:37 +0000 (+0100)
Subject: Fix crash in X509_STORE_CTX_get_by_subject
X-Git-Tag: OpenSSL_1_1_1c~59
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=0c45bd8dae287a286583dca682eafcfa5a5d4469;p=oweals%2Fopenssl.git

Fix crash in X509_STORE_CTX_get_by_subject

If using a custom X509_LOOKUP_METHOD then calls to
X509_STORE_CTX_get_by_subject may crash due to an incorrectly initialised
X509_OBJECT being passed to the callback get_by_subject function.

Fixes #8673

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8698)

(cherry picked from commit b926f9deb3dc79d00f0a989370e95867516a3a17)
---

diff --git a/crypto/x509/x509_lu.c b/crypto/x509/x509_lu.c
index be39015b0d..eaf6a8e2f2 100644
--- a/crypto/x509/x509_lu.c
+++ b/crypto/x509/x509_lu.c
@@ -297,6 +297,9 @@ int X509_STORE_CTX_get_by_subject(X509_STORE_CTX *vs, X509_LOOKUP_TYPE type,
     if (ctx == NULL)
         return 0;
 
+    stmp.type = X509_LU_NONE;
+    stmp.data.ptr = NULL;
+
     CRYPTO_THREAD_write_lock(ctx->lock);
     tmp = X509_OBJECT_retrieve_by_subject(ctx->objs, type, name);
     CRYPTO_THREAD_unlock(ctx->lock);