From 91a250bf1a299cedbf30e1ef5a7a33d7830e2a84 Mon Sep 17 00:00:00 2001 From: Greg Hudson Date: Wed, 8 Sep 2010 03:15:49 +0000 Subject: [PATCH] X509_verify_cert can return without setting cert_ctx.current_cert. If it does, don't dereference a null pointer when creating the pkiDebug message. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24296 dc483132-0cff-0310-8789-dd5450dbe970 --- src/plugins/preauth/pkinit/pkinit_crypto_openssl.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c index 25104d680..bdde2e0fb 100644 --- a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c +++ b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c @@ -1319,8 +1319,11 @@ cms_signeddata_verify(krb5_context context, default: retval = KRB5KDC_ERR_INVALID_CERTIFICATE; } - X509_NAME_oneline(X509_get_subject_name( - reqctx->received_cert), buf, sizeof(buf)); + if (reqctx->received_cert == NULL) + strlcpy(buf, "(none)", sizeof(buf)); + else + X509_NAME_oneline(X509_get_subject_name(reqctx->received_cert), + buf, sizeof(buf)); pkiDebug("problem with cert DN = %s (error=%d) %s\n", buf, j, X509_verify_cert_error_string(j)); krb5_set_error_message(context, retval, "%s\n", -- 2.26.2