From 5689dea5e878fed28c5f338a27d7cda4151a14f1 Mon Sep 17 00:00:00 2001
From: Alberto Leiva Popper <ydahhrk@gmail.com>
Date: Tue, 6 Aug 2024 10:28:57 -0600
Subject: [PATCH] Prevent crash on malformed subjectPublicKey

A malformed subjectPublicKey causes X509_PUBKEY_get0() to return NULL.
Fort wasn't catching this when linked specifically to OpenSSL < 3.

Thanks to Niklas Vogel for reporting this.
---
 src/object/certificate.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/src/object/certificate.c b/src/object/certificate.c
index b3028987..3e2439bf 100644
--- a/src/object/certificate.c
+++ b/src/object/certificate.c
@@ -421,13 +421,18 @@ validate_subject_public_key(X509_PUBKEY *pubkey)
 
 #define MODULUS 2048
 #define EXPONENT "65537"
+	EVP_PKEY *pkey;
 	const RSA *rsa;
 	const BIGNUM *exp;
 	char *exp_str;
 	int modulus;
 	int error;
 
-	rsa = EVP_PKEY_get0_RSA(X509_PUBKEY_get0(pubkey));
+	pkey = X509_PUBKEY_get0(pubkey);
+	if (pkey == NULL)
+		return val_crypto_err("The certificate's Subject Public Key is missing or malformed.");
+
+	rsa = EVP_PKEY_get0_RSA(pkey);
 	if (rsa == NULL)
 		return val_crypto_err("EVP_PKEY_get0_RSA() returned NULL");