From f13615c5b828aeb8e3d9bf2545c803633d1c684f Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Thu, 22 Jun 2017 15:25:26 +0100 Subject: [PATCH] Fix OBJ_create() to tolerate a NULL sn and ln In 1.0.2 and before OBJ_create() allowed the sn or ln parameter to be NULL. Commit 52832e47 changed that so that it crashed if they were NULL. This was causing problems with the built-in config oid module. If a long name was provided OBJ_create() is initially called with a NULL ln and therefore causes a crash. Fixes #3733 Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/3753) --- crypto/objects/obj_dat.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/crypto/objects/obj_dat.c b/crypto/objects/obj_dat.c index 2f86cd5e46..f8c1db3c83 100644 --- a/crypto/objects/obj_dat.c +++ b/crypto/objects/obj_dat.c @@ -684,7 +684,8 @@ int OBJ_create(const char *oid, const char *sn, const char *ln) int ok = 0; /* Check to see if short or long name already present */ - if (OBJ_sn2nid(sn) != NID_undef || OBJ_ln2nid(ln) != NID_undef) { + if ((sn != NULL && OBJ_sn2nid(sn) != NID_undef) + || (ln != NULL && OBJ_ln2nid(ln) != NID_undef)) { OBJerr(OBJ_F_OBJ_CREATE, OBJ_R_OID_EXISTS); return 0; } -- 2.25.1