X509_verify_cert can return without setting cert_ctx.current_cert. If

it does, don't dereference a null pointer when creating the pkiDebug message. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24296 dc483132-0cff-0310-8789-dd5450dbe970
aadamowski · Sep 8, 2010 · 4feb417 · 4feb417
1 parent a49ceff
commit 4feb417
Showing 1 changed file with 5 additions and 2 deletions.
diff --git a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
@@ -1319,8 +1319,11 @@ cms_signeddata_verify(krb5_context context,
         default:
             retval = KRB5KDC_ERR_INVALID_CERTIFICATE;
         }
-        X509_NAME_oneline(X509_get_subject_name(
-                              reqctx->received_cert), buf, sizeof(buf));
+        if (reqctx->received_cert == NULL)
+            strlcpy(buf, "(none)", sizeof(buf));
+        else
+            X509_NAME_oneline(X509_get_subject_name(reqctx->received_cert),
+                              buf, sizeof(buf));
         pkiDebug("problem with cert DN = %s (error=%d) %s\n", buf, j,
                  X509_verify_cert_error_string(j));
         krb5_set_error_message(context, retval, "%s\n",