is_level_acceptable: ensure issuer is not dereferenced when null

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
author: Nikos Mavrogiannopoulos <nmav@redhat.com> 2017-04-05 13:30:22 +0200
committer: Nikos Mavrogiannopoulos <nmav@redhat.com> 2017-04-05 14:54:35 +0200
commit: 1ded3ae173d93082a46628511615b22c8ff5c1ab (patch)
tree: 865ea6c4c57bd9de216eaddf89dcc723b7587a29
parent: 430b067c27eab7d657c1ffdef8af489acc8d8b2c (diff)
download: gnutls-1ded3ae173d93082a46628511615b22c8ff5c1ab.tar.gz
1 files changed, 6 insertions, 4 deletions
diff --git a/lib/x509/verify.c b/lib/x509/verify.c
index 03416758dc..7a922a68b8 100644
--- a/lib/x509/verify.c
+++ b/lib/x509/verify.c
@@ -405,7 +405,7 @@ static unsigned is_level_acceptable(
 {
 	gnutls_certificate_verification_profiles_t profile = GNUTLS_VFLAGS_TO_PROFILE(flags);
 	const mac_entry_st *entry;
-	int issuer_pkalg, pkalg, ret;
+	int issuer_pkalg = 0, pkalg, ret;
 	unsigned bits = 0, issuer_bits = 0, sym_bits = 0;
 	gnutls_pk_params_st params;
 	gnutls_sec_param_t sp;
@@ -418,9 +418,11 @@ static unsigned is_level_acceptable(
 	if (pkalg < 0)
 		return gnutls_assert_val(0);
 
-	issuer_pkalg = gnutls_x509_crt_get_pk_algorithm(crt, &issuer_bits);
-	if (issuer_pkalg < 0)
-		return gnutls_assert_val(0);
+	if (issuer) {
+		issuer_pkalg = gnutls_x509_crt_get_pk_algorithm(issuer, &issuer_bits);
+		if (issuer_pkalg < 0)
+			return gnutls_assert_val(0);
+	}
 
 	switch (profile) {
 		CASE_SEC_PARAM(GNUTLS_PROFILE_VERY_WEAK, GNUTLS_SEC_PARAM_VERY_WEAK);
author	Nikos Mavrogiannopoulos <nmav@redhat.com>	2017-04-05 13:30:22 +0200
committer	Nikos Mavrogiannopoulos <nmav@redhat.com>	2017-04-05 14:54:35 +0200
commit	1ded3ae173d93082a46628511615b22c8ff5c1ab (patch)
tree	865ea6c4c57bd9de216eaddf89dcc723b7587a29
parent	430b067c27eab7d657c1ffdef8af489acc8d8b2c (diff)
download	gnutls-1ded3ae173d93082a46628511615b22c8ff5c1ab.tar.gz