From a9d928a8b60c13d6a6475294deb56ba92fc6fbac Mon Sep 17 00:00:00 2001 From: Rich Salz Date: Wed, 10 Sep 2014 11:43:45 -0400 Subject: [PATCH] RT2560: missing NULL check in ocsp_req_find_signer If we don't find a signer in the internal list, then fall through and look at the internal list; don't just return NULL. Reviewed-by: Dr. Stephen Henson (cherry picked from commit b2aa38a980e9fbf158aafe487fb729c492b241fb) --- crypto/ocsp/ocsp_vfy.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/crypto/ocsp/ocsp_vfy.c b/crypto/ocsp/ocsp_vfy.c index 276718304d..fc0d4cc0f5 100644 --- a/crypto/ocsp/ocsp_vfy.c +++ b/crypto/ocsp/ocsp_vfy.c @@ -436,8 +436,11 @@ static int ocsp_req_find_signer(X509 **psigner, OCSP_REQUEST *req, X509_NAME *nm if(!(flags & OCSP_NOINTERN)) { signer = X509_find_by_subject(req->optionalSignature->certs, nm); - *psigner = signer; - return 1; + if (signer) + { + *psigner = signer; + return 1; + } } signer = X509_find_by_subject(certs, nm); -- 2.25.1