From: Matt Caswell <matt@openssl.org>
Date: Thu, 22 Jun 2017 14:25:26 +0000 (+0100)
Subject: Fix OBJ_create() to tolerate a NULL sn and ln
X-Git-Tag: OpenSSL_1_1_1-pre1~1217
X-Git-Url: https://git.openssl.org/?p=openssl.git;a=commitdiff_plain;h=f13615c5b828aeb8e3d9bf2545c803633d1c684f

Fix OBJ_create() to tolerate a NULL sn and ln

In 1.0.2 and before OBJ_create() allowed the sn or ln parameter to be NULL.
Commit 52832e47 changed that so that it crashed if they were NULL.

This was causing problems with the built-in config oid module. If a long
name was provided OBJ_create() is initially called with a NULL ln and
therefore causes a crash.

Fixes #3733

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3753)
---

diff --git a/crypto/objects/obj_dat.c b/crypto/objects/obj_dat.c
index 2f86cd5e46..f8c1db3c83 100644
--- a/crypto/objects/obj_dat.c
+++ b/crypto/objects/obj_dat.c
@@ -684,7 +684,8 @@ int OBJ_create(const char *oid, const char *sn, const char *ln)
     int ok = 0;
 
     /* Check to see if short or long name already present */
-    if (OBJ_sn2nid(sn) != NID_undef || OBJ_ln2nid(ln) != NID_undef) {
+    if ((sn != NULL && OBJ_sn2nid(sn) != NID_undef)
+            || (ln != NULL && OBJ_ln2nid(ln) != NID_undef)) {
         OBJerr(OBJ_F_OBJ_CREATE, OBJ_R_OID_EXISTS);
         return 0;
     }