X509_verify_cert can return without setting cert_ctx.current_cert. If
authorGreg Hudson <ghudson@mit.edu>
Wed, 8 Sep 2010 03:15:49 +0000 (03:15 +0000)
committerGreg Hudson <ghudson@mit.edu>
Wed, 8 Sep 2010 03:15:49 +0000 (03:15 +0000)
it does, don't dereference a null pointer when creating the pkiDebug
message.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24296 dc483132-0cff-0310-8789-dd5450dbe970

src/plugins/preauth/pkinit/pkinit_crypto_openssl.c

index 25104d680dde571e11c82fe7339572ed2df4d840..bdde2e0fbcdfa03a558ab67971b2233ebe8017cd 100644 (file)
@@ -1319,8 +1319,11 @@ cms_signeddata_verify(krb5_context context,
         default:
             retval = KRB5KDC_ERR_INVALID_CERTIFICATE;
         }
-        X509_NAME_oneline(X509_get_subject_name(
-                              reqctx->received_cert), buf, sizeof(buf));
+        if (reqctx->received_cert == NULL)
+            strlcpy(buf, "(none)", sizeof(buf));
+        else
+            X509_NAME_oneline(X509_get_subject_name(reqctx->received_cert),
+                              buf, sizeof(buf));
         pkiDebug("problem with cert DN = %s (error=%d) %s\n", buf, j,
                  X509_verify_cert_error_string(j));
         krb5_set_error_message(context, retval, "%s\n",
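Review bot: The return value of `X509_NAME_oneline` is still discarded in the new else branch, so `buf` reaches the `%s` in `pkiDebug` on the assumption that the call always filled it. The declaration and any initialisation of `buf` are outside the hunk, so this may already be covered. Checking the result would give both failure cases the same kind of fallback, e.g. `else if (X509_NAME_oneline(X509_get_subject_name(reqctx->received_cert), buf, sizeof(buf)) == NULL)` followed by `strlcpy(buf, "(unknown)", sizeof(buf));`. A short comment above the null test, such as `/* X509_verify_cert can fail without setting current_cert. */`, would also help, because the reason `received_cert` can be NULL is recorded only in the commit message. cms_signeddata_verify begins and ends outside this hunk, so any other use of `received_cert` on the failure path cannot be checked from here.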