From: Dr. David von Oheimb
Date: Wed, 8 Apr 2020 11:39:15 +0000 (+0200)
Subject: Prevent crash in X509_NAME_cmp() etc. when cert has no issuer or no serialNumber
X-Git-Tag: openssl-3.0.0-alpha1~65
X-Git-Url: https://git.openssl.org/?p=openssl.git;a=commitdiff_plain;h=e0331eb8b818ed0daac45e0786571958f744d398
Prevent crash in X509_NAME_cmp() etc. when cert has no issuer or no serialNumber
Reviewed-by: Kurt Roeckx
Reviewed-by: Matt Caswell
(Merged from https://github.com/openssl/openssl/pull/11386)
---
diff --git a/crypto/x509/x509_cmp.c b/crypto/x509/x509_cmp.c
index 5b00038659..654b7b5a68 100644
--- a/crypto/x509/x509_cmp.c
+++ b/crypto/x509/x509_cmp.c
@@ -21,6 +21,10 @@ int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b)
 int i;
 const X509_CINF *ai, *bi;
+ if (b == NULL)
+ return a != NULL;
+ if (a == NULL)
+ return -1;
 ai = &a->cert_info;
 bi = &b->cert_info;
 i = ASN1_INTEGER_cmp(&ai->serialNumber, &bi->serialNumber);
@@ -161,8 +165,12 @@ int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b)
 {
 int ret;
- /* Ensure canonical encoding is present and up to date */
+ if (b == NULL)
+ return a != NULL;
+ if (a == NULL)
+ return -1;
+ /* Ensure canonical encoding is present and up to date */
 if (!a->canon_enc || a->modified) {
 ret = i2d_X509_NAME((X509_NAME *)a, NULL);
 if (ret < 0)
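Review bot: With both arguments NULL the new guard in X509_issuer_and_serial_cmp() returns 0, i.e. "same issuer and serial", and the identical guard added to X509_NAME_cmp() in the next hunk likewise reports two absent names as equal. That removes the crash, but any caller that treats a zero result as an identity match (issuer/subject matching while building a chain, duplicate or revocation lookups; the callers are not visible here, so this is inferred) would then accept a missing field as a match. I would state the contract next to each guard, e.g. `/* NULL sorts before non-NULL; two NULLs compare equal, so matching code must reject NULL first */`, and check the match-style callers for an explicit NULL test. Both function bodies continue outside their hunks.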