Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-05 08:08:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

fix null pointer dereference in ocsp verification code in case no certificate

Browse source 
is sent as part as the ocsp reply.

Addresses BIT-1212

There is an additional issue here that prevents the correct verification of
proofs in quite a few cases; this will be addressed in a separate commit.
This commit is contained in:
Johanna Amann 2014-09-03 22:07:21 -07:00
parent dc468b1e56
commit 2d8368fee9
1 changed files with 11 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

11
src/file_analysis/analyzer/x509/functions.bif
View file

@ -250,6 +250,17 @@ function x509_ocsp_verify%(certs: x509_opaque_vector, ocsp_reply: string, root_c
// inject the certificates in the certificate list of the OCSP reply, they actually are used during // inject the certificates in the certificate list of the OCSP reply, they actually are used during
// the lookup. // the lookup.
// Yay. // Yay.
if ( basic->certs == 0 )
{
basic->certs = sk_X509_new_null();
if ( !basic->certs )
{
rval = x509_result_record(-1, "Could not allocate basic x509 stack");
goto x509_ocsp_cleanup;
}
}
issuer_certificate = 0; issuer_certificate = 0;
for ( int i = 0; i < sk_X509_num(untrusted_certs); i++) for ( int i = 0; i < sk_X509_num(untrusted_certs); i++)
{ {