[openssl.org #2560] missing NULL pointer check in ocsp_req_find_signer

2014-09-10 Thread Rich Salz via RT
And hey, wasn't it a neat coincidence that the OCSP RFC is 2560? :)

OpenSSL_1_0_1-stable bea9a17 RT2560: missing NULL check in ocsp_req_find_signer
OpenSSL_1_0_2-stable a9d928a RT2560: missing NULL check in ocsp_req_find_signer
HEAD b2aa38a RT2560: missing NULL check in ocsp_req_find_signer
Aut

RE: [openssl.org #2560] missing NULL pointer check in ocsp_req_find_signer

2014-09-10 Thread Salz, Rich
> It is from real world application. In some case the X509_find_by_subject
> (called from ocsp_req_find_signer) returned NULL, and the whole
> application halted.

Ah, I misunderstood the ticket. Add "if (!signer) return 0;" after the call to X509_find_by_subject. I'll submit that shortly. Than

RE: [openssl.org #2560] missing NULL pointer check in ocsp_req_find_signer

2014-09-10 Thread Cséplő László via RT
-dev@openssl.org
Subject: [openssl.org #2560] missing NULL pointer check in ocsp_req_find_signer

This can't happen. It's an internal function and never gets NULL
--
Rich Salz, OpenSSL dev team; rs...@openssl.org
__ OpenS

[openssl.org #2560] missing NULL pointer check in ocsp_req_find_signer

2014-09-09 Thread Rich Salz via RT
This can't happen. It's an internal function and never gets NULL
--
Rich Salz, OpenSSL dev team; rs...@openssl.org
__
OpenSSL Project http://www.openssl.org
Development Mailing List

[openssl.org #2560] missing NULL pointer check in ocsp_req_find_signer

2011-07-13 Thread cipo via RT
openssl 0.9.8r, 1.0.0c

ocsp_req_find_signer doesn't check the returned signer value. If the signer is NULL, the sequence of

    EVP_PKEY *skey;
    skey = X509_get_pubkey(signer);
    ret = OCSP_REQUEST_verify(req, skey);

in OCSP_request_verify leads to core dump.

--- ocsp_vfy.c