From 5aed1786fcd038f16683a80ddbd0599cda0bb488 Mon Sep 17 00:00:00 2001 From: "Dr. David von Oheimb" Date: Thu, 28 May 2020 21:42:26 +0200 Subject: [PATCH] Fill in transactionID on any error in OSSL_CMP_SRV_process_request() Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/11998) --- crypto/cmp/cmp_server.c | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/crypto/cmp/cmp_server.c b/crypto/cmp/cmp_server.c index 5cb313a32c..c2f0e1a113 100644 --- a/crypto/cmp/cmp_server.c +++ b/crypto/cmp/cmp_server.c @@ -485,9 +485,10 @@ OSSL_CMP_MSG *OSSL_CMP_SRV_process_request(OSSL_CMP_SRV_CTX *srv_ctx, tid = OPENSSL_buf2hexstr(ctx->transactionID->data, ctx->transactionID->length); - ossl_cmp_log1(WARN, ctx, - "Assuming that last transaction with ID=%s got aborted", - tid); + if (tid != NULL) + ossl_cmp_log1(WARN, ctx, + "Assuming that last transaction with ID=%s got aborted", + tid); OPENSSL_free(tid); } /* start of a new transaction, reset transactionID and senderNonce */ @@ -500,9 +501,6 @@ OSSL_CMP_MSG *OSSL_CMP_SRV_process_request(OSSL_CMP_SRV_CTX *srv_ctx, if (ctx->transactionID == NULL) { #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION CMPerr(0, CMP_R_UNEXPECTED_PKIBODY); - /* ignore any (extra) error in next two function calls: */ - (void)OSSL_CMP_CTX_set1_transactionID(ctx, hdr->transactionID); - (void)ossl_cmp_ctx_set1_recipNonce(ctx, hdr->senderNonce); goto err; #endif } @@ -568,6 +566,12 @@ OSSL_CMP_MSG *OSSL_CMP_SRV_process_request(OSSL_CMP_SRV_CTX *srv_ctx, /* TODO fail_info could be more specific */ OSSL_CMP_PKISI *si = NULL; + if (ctx->transactionID == NULL) { + /* ignore any (extra) error in next two function calls: */ + (void)OSSL_CMP_CTX_set1_transactionID(ctx, hdr->transactionID); + (void)ossl_cmp_ctx_set1_recipNonce(ctx, hdr->senderNonce); + } + if ((si = OSSL_CMP_STATUSINFO_new(OSSL_CMP_PKISTATUS_rejection, fail_info, NULL)) == NULL) return 0; -- 2.25.1