diff options
author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-04-05 13:30:22 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-04-05 14:54:35 +0200 |
commit | 1ded3ae173d93082a46628511615b22c8ff5c1ab (patch) | |
tree | 865ea6c4c57bd9de216eaddf89dcc723b7587a29 | |
parent | 430b067c27eab7d657c1ffdef8af489acc8d8b2c (diff) | |
download | gnutls-1ded3ae173d93082a46628511615b22c8ff5c1ab.tar.gz |
is_level_acceptable: ensure issuer is not dereferenced when null
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
-rw-r--r-- | lib/x509/verify.c | 10 |
1 files changed, 6 insertions, 4 deletions
diff --git a/lib/x509/verify.c b/lib/x509/verify.c index 03416758dc..7a922a68b8 100644 --- a/lib/x509/verify.c +++ b/lib/x509/verify.c @@ -405,7 +405,7 @@ static unsigned is_level_acceptable( { gnutls_certificate_verification_profiles_t profile = GNUTLS_VFLAGS_TO_PROFILE(flags); const mac_entry_st *entry; - int issuer_pkalg, pkalg, ret; + int issuer_pkalg = 0, pkalg, ret; unsigned bits = 0, issuer_bits = 0, sym_bits = 0; gnutls_pk_params_st params; gnutls_sec_param_t sp; @@ -418,9 +418,11 @@ static unsigned is_level_acceptable( if (pkalg < 0) return gnutls_assert_val(0); - issuer_pkalg = gnutls_x509_crt_get_pk_algorithm(crt, &issuer_bits); - if (issuer_pkalg < 0) - return gnutls_assert_val(0); + if (issuer) { + issuer_pkalg = gnutls_x509_crt_get_pk_algorithm(issuer, &issuer_bits); + if (issuer_pkalg < 0) + return gnutls_assert_val(0); + } switch (profile) { CASE_SEC_PARAM(GNUTLS_PROFILE_VERY_WEAK, GNUTLS_SEC_PARAM_VERY_WEAK); |