Be more cautious in CertificateChain::private_key_valid.

author Carl Hetherington <cth@carlh.net>

Tue, 10 Mar 2020 21:24:46 +0000 (22:24 +0100)

committer Carl Hetherington <cth@carlh.net>

Tue, 10 Mar 2020 21:24:46 +0000 (22:24 +0100)
author Carl Hetherington <cth@carlh.net>
Tue, 10 Mar 2020 21:24:46 +0000 (22:24 +0100)
committer Carl Hetherington <cth@carlh.net>
Tue, 10 Mar 2020 21:24:46 +0000 (22:24 +0100)
diff --git a/src/certificate_chain.cc b/src/certificate_chain.cc

index 0d99d1c920a28083c4bcf748fe3d3dbe822928a6..7c1dc327be15c7071bfb537aa734fda5fbfe36c3 100644 (file)
--- a/src/certificate_chain.cc
+++ b/src/certificate_chain.cc
@@ -500,6 +500,10 @@ CertificateChain::private_key_valid () const
         }
  
         RSA* private_key = PEM_read_bio_RSAPrivateKey (bio, 0, 0, 0);
+       if (!private_key) {
+               return false;
+       }
+
         RSA* public_key = leaf().public_key ();
  
  #if OPENSSL_VERSION_NUMBER > 0x10100000L
@@ -507,6 +511,9 @@ CertificateChain::private_key_valid () const
         RSA_get0_key(private_key, &private_key_n, 0, 0);
         BIGNUM const * public_key_n;
         RSA_get0_key(public_key, &public_key_n, 0, 0);
+       if (!private_key_n || !public_key_n) {
+               return false;
+       }
         bool const valid = !BN_cmp (private_key_n, public_key_n);
  #else
         bool const valid = !BN_cmp (private_key->n, public_key->n);
author	Carl Hetherington <cth@carlh.net>
	Tue, 10 Mar 2020 21:24:46 +0000 (22:24 +0100)
committer	Carl Hetherington <cth@carlh.net>
	Tue, 10 Mar 2020 21:24:46 +0000 (22:24 +0100)