From eea595ff6b554b3876bab51b2560df5fb0006696 Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Mon, 25 Apr 2016 16:50:59 +0100 Subject: [PATCH] Check that the obtained public key is valid In the X509 app check that the obtained public key is valid before we attempt to use it. Issue reported by Yuan Jochen Kang. Reviewed-by: Viktor Dukhovni --- apps/x509.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/apps/x509.c b/apps/x509.c index e5fe61087a..0199c55268 100644 --- a/apps/x509.c +++ b/apps/x509.c @@ -1053,6 +1053,10 @@ static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest, EVP_PKEY *upkey; upkey = X509_get_pubkey(xca); + if (upkey == NULL) { + BIO_printf(bio_err, "Error obtaining CA X509 public key\n"); + goto end; + } EVP_PKEY_copy_parameters(upkey, pkey); EVP_PKEY_free(upkey); @@ -1161,6 +1165,8 @@ static int sign(X509 *x, EVP_PKEY *pkey, int days, int clrext, EVP_PKEY *pktmp; pktmp = X509_get_pubkey(x); + if (pktmp == NULL) + goto err; EVP_PKEY_copy_parameters(pktmp, pkey); EVP_PKEY_save_parameters(pktmp, 1); EVP_PKEY_free(pktmp); -- 2.25.1