diff options
| author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-04-05 13:25:08 +0200 |
|---|---|---|
| committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-04-06 12:58:33 +0200 |
| commit | b31602c6c2fff31b12e80e0f2465ad66f0255144 (patch) | |
| tree | 1f7ab61b2db01f86533decd8bd3c5c907ccd7510 | |
| parent | 2804035ee68ac3edc85383415303d4046375c55d (diff) | |
| download | gnutls-b31602c6c2fff31b12e80e0f2465ad66f0255144.tar.gz | |
certtool: guard the value of tl before gnutls_pkcs7_verify
This utilizes assert() as it cannot be triggered in practice.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
| -rw-r--r-- | src/certtool.c | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/src/certtool.c b/src/certtool.c index 5526598f2b..7d9d5072e5 100644 --- a/src/certtool.c +++ b/src/certtool.c @@ -43,6 +43,8 @@ # include <signal.h> #endif +#include <assert.h> + /* Gnulib portability files. */ #include <read-file.h> @@ -2850,8 +2852,10 @@ void verify_pkcs7(common_info_st * cinfo, const char *purpose, unsigned display_ ret = GNUTLS_E_CONSTRAINT_ERROR; } - } else + } else { + assert(tl != NULL); ret = gnutls_pkcs7_verify(pkcs7, tl, vdata, vdata_size, i, detached.data!=NULL?&detached:NULL, flags); + } if (ret < 0) { fprintf(stderr, "\tSignature status: verification failed: %s\n", gnutls_strerror(ret)); ecode = 1; |