Fill in transactionID on any error in OSSL_CMP_SRV_process_request()
authorDr. David von Oheimb <David.von.Oheimb@siemens.com>
Thu, 28 May 2020 19:42:26 +0000 (21:42 +0200)
committerDr. David von Oheimb <David.von.Oheimb@siemens.com>
Sat, 13 Jun 2020 13:13:21 +0000 (15:13 +0200)
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11998)

crypto/cmp/cmp_server.c

index 5cb313a32c0afac6380b3e35fd775330645026e3..c2f0e1a11338d94ee84f65b16a14ba0e53dd2a5f 100644 (file)
@@ -485,9 +485,10 @@ OSSL_CMP_MSG *OSSL_CMP_SRV_process_request(OSSL_CMP_SRV_CTX *srv_ctx,
 
             tid = OPENSSL_buf2hexstr(ctx->transactionID->data,
                                      ctx->transactionID->length);
-            ossl_cmp_log1(WARN, ctx,
-                          "Assuming that last transaction with ID=%s got aborted",
-                          tid);
+            if (tid != NULL)
+                ossl_cmp_log1(WARN, ctx,
+                              "Assuming that last transaction with ID=%s got aborted",
+                              tid);
             OPENSSL_free(tid);
         }
         /* start of a new transaction, reset transactionID and senderNonce */
@@ -500,9 +501,6 @@ OSSL_CMP_MSG *OSSL_CMP_SRV_process_request(OSSL_CMP_SRV_CTX *srv_ctx,
         if (ctx->transactionID == NULL) {
 #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
             CMPerr(0, CMP_R_UNEXPECTED_PKIBODY);
-            /* ignore any (extra) error in next two function calls: */
-            (void)OSSL_CMP_CTX_set1_transactionID(ctx, hdr->transactionID);
-            (void)ossl_cmp_ctx_set1_recipNonce(ctx, hdr->senderNonce);
             goto err;
 #endif
         }
@@ -568,6 +566,12 @@ OSSL_CMP_MSG *OSSL_CMP_SRV_process_request(OSSL_CMP_SRV_CTX *srv_ctx,
         /* TODO fail_info could be more specific */
         OSSL_CMP_PKISI *si = NULL;
 
+        if (ctx->transactionID == NULL) {
+            /* ignore any (extra) error in next two function calls: */
+            (void)OSSL_CMP_CTX_set1_transactionID(ctx, hdr->transactionID);
+            (void)ossl_cmp_ctx_set1_recipNonce(ctx, hdr->senderNonce);
+        }
+
         if ((si = OSSL_CMP_STATUSINFO_new(OSSL_CMP_PKISTATUS_rejection,
                                           fail_info, NULL)) == NULL)
             return 0;