From 02c71f028b0460eb651346d03d6c940748208645 Mon Sep 17 00:00:00 2001
From: schwarze
Date: Fri, 26 Nov 2021 13:17:09 +0000
Subject: [PATCH] Bugfix in X509_get_pubkey_parameters(3): If EVP_PKEY_copy_parameters(3) fails - among other reasons, this may happen when out of memory - the pkey argument and/or the chain argument will not contain all the desired parameters after returning. Consequently, report the failure to the caller rather than silently ignoring it. OK tb@
---
 lib/libcrypto/x509/x509_vfy.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/lib/libcrypto/x509/x509_vfy.c b/lib/libcrypto/x509/x509_vfy.c
index 93dac74c7bf..cf92c10299a 100644
--- a/lib/libcrypto/x509/x509_vfy.c
+++ b/lib/libcrypto/x509/x509_vfy.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_vfy.c,v 1.99 2021/11/26 13:05:03 schwarze Exp $ */
+/* $OpenBSD: x509_vfy.c,v 1.100 2021/11/26 13:17:09 schwarze Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -2097,11 +2097,13 @@ X509_get_pubkey_parameters(EVP_PKEY *pkey, STACK_OF(X509) *chain)
 /* first, populate the other certs */
 for (j = i - 1; j >= 0; j--) {
 ktmp2 = X509_get0_pubkey(sk_X509_value(chain, j));
- EVP_PKEY_copy_parameters(ktmp2, ktmp);
+ if (!EVP_PKEY_copy_parameters(ktmp2, ktmp))
+ return 0;
 }
 if (pkey != NULL)
- EVP_PKEY_copy_parameters(pkey, ktmp);
+ if (!EVP_PKEY_copy_parameters(pkey, ktmp))
+ return 0;
 return 1;
 }
--
2.20.1
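Review bot: In the final `if (pkey != NULL)` branch of the second hunk, the new check is a second unbraced `if` nested under the first, which is easy to misread or to break when a later edit adds an `else` or another statement. Folding it into one guard, `if (pkey != NULL && !EVP_PKEY_copy_parameters(pkey, ktmp))` followed by `return 0;`, keeps the failure path on a single condition. The early `return 0` inside the loop leaves the certificates at indices below `j` without parameters while those above are already populated, so a comment such as `/* on failure the chain may be only partially populated */` would record that for maintainers. The function body starts outside this hunk and its callers are not shown; the new return value only protects verification if they actually check it, which is worth confirming.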