From c223c4a9ce9b36b352a55e91862e1c6eda533723 Mon Sep 17 00:00:00 2001
From: Matt Caswell <matt@openssl.org>
Date: Mon, 25 Apr 2016 16:44:19 +0100
Subject: [PATCH] Check that the obtained public key is valid

In the X509 app check that the obtained public key is valid before we
attempt to use it.

Issue reported by Yuan Jochen Kang.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
---
 apps/x509.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/apps/x509.c b/apps/x509.c
index 4bf7cdb9c5..56c6fcca6a 100644
--- a/apps/x509.c
+++ b/apps/x509.c
@@ -943,6 +943,10 @@ static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest,
     EVP_PKEY *upkey;
 
     upkey = X509_get0_pubkey(xca);
+    if (upkey == NULL) {
+        BIO_printf(bio_err, "Error obtaining CA X509 public key\n");
+        goto end;
+    }
     EVP_PKEY_copy_parameters(upkey, pkey);
 
     xsc = X509_STORE_CTX_new();
-- 
2.25.1