From: Rich Salz <rsalz@openssl.org>
Date: Wed, 10 Sep 2014 15:43:45 +0000 (-0400)
Subject: RT2560: missing NULL check in ocsp_req_find_signer
X-Git-Tag: OpenSSL_1_0_1j~29
X-Git-Url: https://git.openssl.org/?p=openssl.git;a=commitdiff_plain;h=bea9a177263f4dbbc662082837cdb58f4cf741c3

RT2560: missing NULL check in ocsp_req_find_signer

If we don't find a signer in the internal list, then fall
through and look at the internal list; don't just return NULL.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
(cherry picked from commit b2aa38a980e9fbf158aafe487fb729c492b241fb)
---

diff --git a/crypto/ocsp/ocsp_vfy.c b/crypto/ocsp/ocsp_vfy.c
index 276718304d..fc0d4cc0f5 100644
--- a/crypto/ocsp/ocsp_vfy.c
+++ b/crypto/ocsp/ocsp_vfy.c
@@ -436,8 +436,11 @@ static int ocsp_req_find_signer(X509 **psigner, OCSP_REQUEST *req, X509_NAME *nm
 	if(!(flags & OCSP_NOINTERN))
 		{
 		signer = X509_find_by_subject(req->optionalSignature->certs, nm);
-		*psigner = signer;
-		return 1;
+		if (signer)
+			{
+			*psigner = signer;
+			return 1;
+			}
 		}
 
 	signer = X509_find_by_subject(certs, nm);