diff options
author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-04-05 13:25:08 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-04-05 14:54:30 +0200 |
commit | 430b067c27eab7d657c1ffdef8af489acc8d8b2c (patch) | |
tree | 085d522fde4fac407c6d78f07c0246d58d5e7c8f | |
parent | f20b257083d428e99f7adcef262854bdea0a4e5e (diff) | |
download | gnutls-430b067c27eab7d657c1ffdef8af489acc8d8b2c.tar.gz |
certtool: guard the value of tl before gnutls_pkcs7_verify
This utilizes assert() as it cannot be triggered in practice.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
-rw-r--r-- | src/certtool.c | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/src/certtool.c b/src/certtool.c index f818a5b904..00126b60d4 100644 --- a/src/certtool.c +++ b/src/certtool.c @@ -43,6 +43,8 @@ # include <signal.h> #endif +#include <assert.h> + /* Gnulib portability files. */ #include <read-file.h> @@ -2916,8 +2918,10 @@ void verify_pkcs7(common_info_st * cinfo, const char *purpose, unsigned display_ ret = GNUTLS_E_CONSTRAINT_ERROR; } - } else + } else { + assert(tl != NULL); ret = gnutls_pkcs7_verify(pkcs7, tl, vdata, vdata_size, i, detached.data!=NULL?&detached:NULL, flags); + } if (ret < 0) { fprintf(stderr, "\tSignature status: verification failed: %s\n", gnutls_strerror(ret)); ecode = 1; |