tls: avoid a nullpointer dereference

* If none of the CRLs match the name and less than MAX_CRLS were loaded, it comes to a segmentation fault because data->crls[cnt] is null Signed-off-by: Adrian Brzezinski <adrian.brzezinski@eo.pl>
bareos · Nov 5, 2019 · 1699ec9 · 1699ec9
1 parent cd43cb7
commit 1699ec9
Showing 1 changed file with 3 additions and 0 deletions.
diff --git a/core/src/lib/tls_openssl_crl.cc b/core/src/lib/tls_openssl_crl.cc
@@ -293,6 +293,9 @@ static int CrlReloaderGetBySubject(X509_LOOKUP *lookup, int type, X509_NAME *nam
    ret->type = 0;
    ret->data.crl = NULL;
    for (cnt = 0; cnt < MAX_CRLS; cnt++) {
+
+      if ( data->crls[cnt] == NULL ) { continue; }
+
       if (CrlEntryExpired(data->crls[cnt]) && !CrlReloaderReloadIfNewer(lookup)) {
          goto bail_out;
       }