authorNikos Mavrogiannopoulos <nmav@redhat.com>2015-11-20 10:11:29 +0100
committerNikos Mavrogiannopoulos <nmav@redhat.com>2015-11-20 10:14:53 +0100
commite5a2ae1db0a07d04350102de8068c9c1f55135d6 (patch)
treebc4b9107b34e7252ddf291b9bb49e8761f9051c2
parentce2e4f0360df7e04430aa59b10dcfea3ae27830e (diff)
downloadgnutls-e5a2ae1db0a07d04350102de8068c9c1f55135d6.tar.gz
certtool: check fread_file() for errors in all situations
This caused certtool to crash on invalid input on stdin. Reported by Christoph Biedl.
-rw-r--r--src/certtool.c55
1 files changed, 55 insertions, 0 deletions
diff --git a/src/certtool.c b/src/certtool.c
index 9926a722f1..f184625e58 100644
--- a/src/certtool.c
+++ b/src/certtool.c
@@ -1308,6 +1308,11 @@ void certificate_info(int pubkey, common_info_st * cinfo)
pem.data = (void *) fread_file(infile, &size);
pem.size = size;
+ if (!pem.data) {
+ fprintf(stderr, "%s", infile ? "file" : "standard input");
+ exit(1);
+ }
+
ret =
gnutls_x509_crt_list_import2(&crts, &crt_num, &pem, incert_format, 0);
if (ret < 0) {
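Review bot: The message printed on a failed read is only the word "file" or "standard input", with no trailing newline and no hint of what went wrong, so a user who feeds bad input on stdin gets an unexplained exit; `fprintf(stderr, "error reading %s\n", infile ? "file" : "standard input");` would be clearer. Because `infile` has just been passed to fread_file() on the line above, it is presumably never NULL at this point, in which case the ternary always selects "file"; how `infile` is set lies outside this hunk and should be confirmed. `pem.size = size;` also still runs before the NULL check and so reads `size` even when fread_file() may not have written it; moving the assignment below the check avoids that. The same five added lines recur in the other ten hunks of this commit (pgp_certificate_info through certificate_fpr), so a small shared helper that reads the input and exits on failure would keep them consistent. The enclosing function bodies start and end outside the hunks.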
@@ -1367,6 +1372,11 @@ void pgp_certificate_info(void)
pem.data = (void *) fread_file(infile, &size);
pem.size = size;
+ if (!pem.data) {
+ fprintf(stderr, "%s", infile ? "file" : "standard input");
+ exit(1);
+ }
+
ret = gnutls_openpgp_crt_init(&crt);
if (ret < 0) {
fprintf(stderr, "openpgp_crt_init: %s\n",
@@ -1604,6 +1614,11 @@ void pgp_ring_info(void)
pem.data = (void *) fread_file(infile, &size);
pem.size = size;
+ if (!pem.data) {
+ fprintf(stderr, "%s", infile ? "file" : "standard input");
+ exit(1);
+ }
+
ret = gnutls_openpgp_keyring_init(&ring);
if (ret < 0) {
fprintf(stderr, "openpgp_keyring_init: %s\n",
@@ -2727,6 +2742,11 @@ void verify_crl(common_info_st * cinfo)
pem.data = (void *) fread_file(infile, &size);
pem.size = size;
+ if (!pem.data) {
+ fprintf(stderr, "%s", infile ? "file" : "standard input");
+ exit(1);
+ }
+
ret = gnutls_x509_crl_import(crl, &pem, incert_format);
free(pem.data);
if (ret < 0) {
@@ -2877,6 +2897,11 @@ void verify_pkcs7(common_info_st * cinfo, const char *purpose)
data.data = (void *) fread_file(infile, &size);
data.size = size;
+ if (!data.data) {
+ fprintf(stderr, "%s", infile ? "file" : "standard input");
+ exit(1);
+ }
+
ret = gnutls_pkcs7_import(pkcs7, &data, cinfo->incert_format);
free(data.data);
if (ret < 0) {
@@ -2962,6 +2987,11 @@ void pkcs7_sign(common_info_st * cinfo, unsigned embed)
data.data = (void *) fread_file(infile, &size);
data.size = size;
+ if (!data.data) {
+ fprintf(stderr, "%s", infile ? "file" : "standard input");
+ exit(1);
+ }
+
signer = load_cert(1, cinfo);
key = load_private_key(1, cinfo);
@@ -3507,6 +3537,11 @@ void pkcs12_info(common_info_st * cinfo)
data.data = (void *) fread_file(infile, &size);
data.size = size;
+ if (!data.data) {
+ fprintf(stderr, "%s", infile ? "file" : "standard input");
+ exit(1);
+ }
+
result = gnutls_pkcs12_import(pkcs12, &data, incert_format, 0);
free(data.data);
if (result < 0) {
@@ -3678,6 +3713,11 @@ void pkcs8_info(void)
data.data = (void *) fread_file(infile, &size);
data.size = size;
+ if (!data.data) {
+ fprintf(stderr, "%s", infile ? "file" : "standard input");
+ exit(1);
+ }
+
pkcs8_info_int(&data, incert_format, 0, outfile, "");
}
@@ -3697,6 +3737,11 @@ void pkcs7_info(common_info_st *cinfo)
data.data = (void *) fread_file(infile, &size);
data.size = size;
+ if (!data.data) {
+ fprintf(stderr, "%s", infile ? "file" : "standard input");
+ exit(1);
+ }
+
result = gnutls_pkcs7_import(pkcs7, &data, incert_format);
free(data.data);
if (result < 0) {
@@ -3824,6 +3869,11 @@ gnutls_pubkey_t find_pubkey(gnutls_x509_crt_t crt, common_info_st * cinfo)
pem.data = (void *) fread_file(infile, &size);
pem.size = size;
+ if (!pem.data) {
+ fprintf(stderr, "%s", infile ? "file" : "standard input");
+ exit(1);
+ }
+
ret = gnutls_pubkey_init(&pubkey);
if (ret < 0) {
fprintf(stderr,
@@ -3981,6 +4031,11 @@ void certificate_fpr(common_info_st * cinfo)
pem.data = (void *) fread_file(infile, &size);
pem.size = size;
+ if (!pem.data) {
+ fprintf(stderr, "%s", infile ? "file" : "standard input");
+ exit(1);
+ }
+
crt_num = 1;
ret =
gnutls_x509_crt_list_import(&crt, &crt_num, &pem, incert_format,