From 21220998f33adaa1d29f80b6946170458e97fa9a Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Thu, 16 Apr 2015 00:21:05 +0100 Subject: [PATCH] Reject empty generation strings. MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit Reported by Hanno Böck Reviewed-by: Rich Salz (cherry picked from commit 111b60bea01d234b5873488c19ff2b9c5d4d58e9) Conflicts: crypto/asn1/asn1_gen.c --- crypto/asn1/asn1_gen.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/crypto/asn1/asn1_gen.c b/crypto/asn1/asn1_gen.c index 132a9ef468..e303d11993 100644 --- a/crypto/asn1/asn1_gen.c +++ b/crypto/asn1/asn1_gen.c @@ -152,8 +152,10 @@ ASN1_TYPE *ASN1_generate_v3(char *str, X509V3_CTX *cnf) asn1_tags.imp_class = -1; asn1_tags.format = ASN1_GEN_FORMAT_ASCII; asn1_tags.exp_count = 0; - if (CONF_parse_list(str, ',', 1, asn1_cb, &asn1_tags) != 0) + if (CONF_parse_list(str, ',', 1, asn1_cb, &asn1_tags) != 0) { + *perr = ASN1_R_UNKNOWN_TAG; return NULL; + } if ((asn1_tags.utype == V_ASN1_SEQUENCE) || (asn1_tags.utype == V_ASN1_SET)) { @@ -279,6 +281,9 @@ static int asn1_cb(const char *elem, int len, void *bitstr) int tmp_tag, tmp_class; + if (elem == NULL) + return -1; + for (i = 0, p = elem; i < len; p++, i++) { /* Look for the ':' in name value pairs */ if (*p == ':') { -- 2.25.1