diff options
| author | Greg Hudson <ghudson@mit.edu> | 2010-09-08 03:15:49 +0000 |
|---|---|---|
| committer | Greg Hudson <ghudson@mit.edu> | 2010-09-08 03:15:49 +0000 |
| commit | 91a250bf1a299cedbf30e1ef5a7a33d7830e2a84 (patch) | |
| tree | 9c31aeb47d11378654bce742c15afd226c1c5cde /src | |
| parent | 140e24e9149eabe8793d439a7d386c78ecb00fab (diff) | |
| download | krb5-91a250bf1a299cedbf30e1ef5a7a33d7830e2a84.tar.gz krb5-91a250bf1a299cedbf30e1ef5a7a33d7830e2a84.tar.xz krb5-91a250bf1a299cedbf30e1ef5a7a33d7830e2a84.zip | |
X509_verify_cert can return without setting cert_ctx.current_cert. If
it does, don't dereference a null pointer when creating the pkiDebug
message.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24296 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src')
| -rw-r--r-- | src/plugins/preauth/pkinit/pkinit_crypto_openssl.c | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c index 25104d680..bdde2e0fb 100644 --- a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c +++ b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c @@ -1319,8 +1319,11 @@ cms_signeddata_verify(krb5_context context, default: retval = KRB5KDC_ERR_INVALID_CERTIFICATE; } - X509_NAME_oneline(X509_get_subject_name( - reqctx->received_cert), buf, sizeof(buf)); + if (reqctx->received_cert == NULL) + strlcpy(buf, "(none)", sizeof(buf)); + else + X509_NAME_oneline(X509_get_subject_name(reqctx->received_cert), + buf, sizeof(buf)); pkiDebug("problem with cert DN = %s (error=%d) %s\n", buf, j, X509_verify_cert_error_string(j)); krb5_set_error_message(context, retval, "%s\n", |