From: Carl Hetherington
Date: Tue, 10 Mar 2020 21:24:46 +0000 (+0100)
Subject: Be more cautious in CertificateChain::private_key_valid.
X-Git-Tag: v1.6.15
X-Git-Url: https://main.carlh.net/gitweb/?a=commitdiff_plain;ds=sidebyside;h=5292108cb0816789a58ac469114d53ac2a5b5bde;p=libdcp.git

Be more cautious in CertificateChain::private_key_valid.
---
diff --git a/src/certificate_chain.cc b/src/certificate_chain.cc
index 0d99d1c9..7c1dc327 100644
--- a/src/certificate_chain.cc
+++ b/src/certificate_chain.cc
@@ -500,6 +500,10 @@ CertificateChain::private_key_valid () const
 }
 
 RSA* private_key = PEM_read_bio_RSAPrivateKey (bio, 0, 0, 0);
+ if (!private_key) {
+ return false;
+ }
+
 RSA* public_key = leaf().public_key ();
 
 #if OPENSSL_VERSION_NUMBER > 0x10100000L
@@ -507,6 +511,9 @@ CertificateChain::private_key_valid () const
 RSA_get0_key(private_key, &private_key_n, 0, 0);
 BIGNUM const * public_key_n;
 RSA_get0_key(public_key, &public_key_n, 0, 0);
+ if (!private_key_n || !public_key_n) {
+ return false;
+ }
 bool const valid = !BN_cmp (private_key_n, public_key_n);
 #else
 bool const valid = !BN_cmp (private_key->n, public_key->n);
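Review bot: The new `return false` after `PEM_read_bio_RSAPrivateKey (bio, 0, 0, 0)` exits without releasing `bio`. If the BIO is freed only on the normal exit path (the function starts and ends outside this hunk, so that is not visible), every unreadable or malformed key now leaks the buffer that wraps the PEM key text. Release it on this path with `if (!private_key) { BIO_free (bio); return false; }`, or hold the BIO in a small scope guard so every exit is covered. The early return added in the second hunk has the same problem and also leaves the parsed `private_key` unreleased; `RSA_free (private_key)` belongs on that path as well.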
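Review bot: `public_key` from `leaf().public_key ()` still reaches `RSA_get0_key(public_key, &public_key_n, 0, 0)` without a null check, and the `#else` branch dereferences it as `public_key->n`. The added test on `private_key_n` and `public_key_n` therefore only helps once both RSA pointers are already valid. Whether `public_key ()` can return null is not visible in this hunk, but a guard before the `#if`, `if (!public_key) { return false; }`, would cover both OpenSSL branches. The pre-1.1 branch also gets no equivalent of the new check, so `BN_cmp (private_key->n, public_key->n)` can still receive a null modulus there; testing `!private_key->n || !public_key->n` first would keep the two branches consistent.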