The branch OpenSSL_1_0_2-stable has been updated via a3d684ffca282796511cb8f3593a59a80109eed8 (commit) via dd37f6f12cc14cc4710289746b112eb0fed3b0b7 (commit) from 6e17c64b17882cf03f9224aa454e600a7152817a (commit)
- Log ----------------------------------------------------------------- commit a3d684ffca282796511cb8f3593a59a80109eed8 Author: Matt Caswell <m...@openssl.org> Date: Fri Jan 19 14:48:45 2018 +0000 Don't crash on a missing Subject in index.txt An index.txt entry which has an empty Subject name field will cause ca to crash. Therefore check it when we load it to make sure its not empty. Fixes #5109 Reviewed-by: Rich Salz <rs...@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5115) commit dd37f6f12cc14cc4710289746b112eb0fed3b0b7 Author: Matt Caswell <m...@openssl.org> Date: Fri Jan 19 14:34:56 2018 +0000 Don't allow an empty Subject when creating a Certificate Misconfiguration (e.g. an empty policy section in the config file) can lead to an empty Subject. Since certificates should have unique Subjects this should not be allowed. Reviewed-by: Rich Salz <rs...@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5115) ----------------------------------------------------------------------- Summary of changes: apps/ca.c | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/apps/ca.c b/apps/ca.c index 9a83996..bde3e44 100644 --- a/apps/ca.c +++ b/apps/ca.c @@ -880,6 +880,10 @@ int MAIN(int argc, char **argv) } p++; } + if (pp[DB_name][0] == '\0') { + BIO_printf(bio_err, "entry %d: bad Subject\n", i + 1); + goto err; + } } if (verbose) { BIO_set_fp(out, stdout, BIO_NOCLOSE | BIO_FP_TEXT); /* cannot fail */ @@ -1672,6 +1676,10 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, "The Subject's Distinguished Name is as follows\n"); name = X509_REQ_get_subject_name(req); + if (X509_NAME_entry_count(name) == 0) { + BIO_printf(bio_err, "Error: The supplied Subject is empty\n"); + goto err; + } for (i = 0; i < X509_NAME_entry_count(name); i++) { ne = X509_NAME_get_entry(name, i); str = X509_NAME_ENTRY_get_data(ne); @@ -1836,6 +1844,12 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, goto err; } + if (X509_NAME_entry_count(subject) == 0) { + BIO_printf(bio_err, + "Error: After applying policy the Subject is empty\n"); + goto err; + } + if (verbose) BIO_printf(bio_err, "The subject name appears to be ok, checking data base for clashes\n"); _____ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits