From 5292108cb0816789a58ac469114d53ac2a5b5bde Mon Sep 17 00:00:00 2001
From: Carl Hetherington <cth@carlh.net>
Date: Tue, 10 Mar 2020 22:24:46 +0100
Subject: [PATCH] Be more cautious in CertificateChain::private_key_valid.

---
 src/certificate_chain.cc | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/src/certificate_chain.cc b/src/certificate_chain.cc
index 0d99d1c9..7c1dc327 100644
--- a/src/certificate_chain.cc
+++ b/src/certificate_chain.cc
@@ -500,6 +500,10 @@ CertificateChain::private_key_valid () const
 	}
 
 	RSA* private_key = PEM_read_bio_RSAPrivateKey (bio, 0, 0, 0);
+	if (!private_key) {
+		return false;
+	}
+
 	RSA* public_key = leaf().public_key ();
 
 #if OPENSSL_VERSION_NUMBER > 0x10100000L
@@ -507,6 +511,9 @@ CertificateChain::private_key_valid () const
 	RSA_get0_key(private_key, &private_key_n, 0, 0);
 	BIGNUM const * public_key_n;
 	RSA_get0_key(public_key, &public_key_n, 0, 0);
+	if (!private_key_n || !public_key_n) {
+		return false;
+	}
 	bool const valid = !BN_cmp (private_key_n, public_key_n);
 #else
 	bool const valid = !BN_cmp (private_key->n, public_key->n);
-- 
2.30.2