svn rev #24296: trunk/src/plugins/preauth/pkinit/
ghudson@MIT.EDU
ghudson at MIT.EDU
Tue Sep 7 23:15:49 EDT 2010
http://src.mit.edu/fisheye/changelog/krb5/?cs=24296
Commit By: ghudson
Log Message:
X509_verify_cert can return without setting cert_ctx.current_cert. If
it does, don't dereference a null pointer when creating the pkiDebug
message.
Changed Files:
U trunk/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
Modified: trunk/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
===================================================================
--- trunk/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c 2010-09-07 17:54:15 UTC (rev 24295)
+++ trunk/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c 2010-09-08 03:15:49 UTC (rev 24296)
@@ -1319,8 +1319,11 @@
default:
retval = KRB5KDC_ERR_INVALID_CERTIFICATE;
}
- X509_NAME_oneline(X509_get_subject_name(
- reqctx->received_cert), buf, sizeof(buf));
+ if (reqctx->received_cert == NULL)
+ strlcpy(buf, "(none)", sizeof(buf));
+ else
+ X509_NAME_oneline(X509_get_subject_name(reqctx->received_cert),
+ buf, sizeof(buf));
pkiDebug("problem with cert DN = %s (error=%d) %s\n", buf, j,
X509_verify_cert_error_string(j));
krb5_set_error_message(context, retval, "%s\n",
More information about the cvs-krb5
mailing list