My original ticket is from times 0.9.8r and 1.0.0c.
Yep, situation is more better after:
OpenSSL_1_0_1-stable bea9a17 RT2560: missing NULL check in ocsp_req_find_signer
OpenSSL_1_0_2-stable a9d928a RT2560: missing NULL check in ocsp_req_find_signer
but I think, in some sick situation the first call of X509_find_by_subject can
return NULL, and may be the same check as in the case of the second call is
made (if(signer) ....), is not usefull.
Thanks for the nice work in openssl project.
static int ocsp_req_find_signer(X509 **psigner, OCSP_REQUEST *req, X509_NAME
*nm, STACK_OF(X509) *certs,
X509_STORE *st, unsigned long flags)
{
X509 *signer;
if(!(flags & OCSP_NOINTERN))
{
!!!!! signer = X509_find_by_subject(req->optionalSignature->certs, nm);
*psigner = signer;
return 1;
}
signer = X509_find_by_subject(certs, nm);
if (signer)
{
*psigner = signer;
return 2;
}
return 0;
}
________________________________________
From: Rich Salz via RT <r...@openssl.org>
Sent: Wednesday, September 10, 2014 6:24 PM
To: Cséplő László
Subject: [openssl.org #2560] Resolved: missing NULL pointer check in
ocsp_req_find_signer
According to our records, your request has been resolved. If you have any
further questions or concerns, please respond to this message.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majord...@openssl.org
