Don't crash if there are no trusted certs#6001
Closed
mattcaswell wants to merge 2 commits intoopenssl:masterfrom
Closed
Don't crash if there are no trusted certs#6001mattcaswell wants to merge 2 commits intoopenssl:masterfrom
mattcaswell wants to merge 2 commits intoopenssl:masterfrom
Conversation
The X509_STORE_CTX_init() docs explicitly allow a NULL parameter for the X509_STORE. Therefore we shouldn't crash if we subsequently call X509_verify_cert() and no X509_STORE has been set. Fixes openssl#2462
mattcaswell
added
branch: master
This was referenced Apr 18, 2018
levitte
approved these changes
Apr 18, 2018
richsalz
approved these changes
Apr 18, 2018
| || xobj == NULL | ||
| || ctx->ctx == NULL | ||
| || !X509_STORE_CTX_get_by_subject(ctx, X509_LU_CRL, nm, xobj)) { | ||
| X509_OBJECT_free(xobj); |
Contributor
There was a problem hiding this comment.
Hey @levitte and @vdukhovni take a look at that indent style. :)
richsalz
added
the
approval: done
Member
Author
|
Pushed. Thanks. |
levitte
pushed a commit
that referenced
this pull request
Apr 19, 2018
The X509_STORE_CTX_init() docs explicitly allow a NULL parameter for the X509_STORE. Therefore we shouldn't crash if we subsequently call X509_verify_cert() and no X509_STORE has been set. Fixes #2462 Reviewed-by: Richard Levitte <[email protected]> Reviewed-by: Rich Salz <[email protected]> (Merged from #6001)
levitte
pushed a commit
that referenced
this pull request
Apr 19, 2018
Reviewed-by: Richard Levitte <[email protected]> Reviewed-by: Rich Salz <[email protected]> (Merged from #6001)
agl
pushed a commit
to google/boringssl
that referenced
this pull request
Sep 17, 2020
X509_STORE_CTX_init is documented upstream to allow a NULL store and has logic to account for it. However, attempting to use such an X509_STORE_CTX crashes in X509_verify_cert due to the additional_untrusted logic we added. Moreover, before that change, it still crashes because X509_STORE_CTX_get1_issuer (the default get_issuer hook) assumes ctx->ctx (the store) is non-null. This was also true in upstream but later fixed in openssl/openssl#6001. However, without a store, there is no trust anchor, so this is not very useful. Reject NULL stores in X509_STORE_CTX_init and remove the logic allowing for a NULL one. Thanks to Danny Halawi for catching this. Update-Note: X509_STORE_CTX_init will now fail when the store is NULL, rather than report success, only to crash later in X509_verify_cert. Breakage should thus be limited to code which was passing in a NULL store but never used the resulting X509_STORE_CTX. Change-Id: I9db0289612cc245a8d62d6fa647d6b56b2daabda Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/42728 Commit-Queue: David Benjamin <[email protected]> Reviewed-by: Adam Langley <[email protected]>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
The X509_STORE_CTX_init() docs explicitly allow a NULL parameter for the X509_STORE. Therefore we shouldn't crash if we subsequently call X509_verify_cert() and no X509_STORE has been set.
Fixes #2462
Checklist