From b79b571036757ffc2ef7728fb9ec5f9a4e56590c Mon Sep 17 00:00:00 2001 From: schwarze Date: Sun, 4 Jul 2021 11:38:37 +0000 Subject: [PATCH] Bugfix: when X509_NAME_dup(3) failed, X509_NAME_set(3) indicated success even though it did not actually set the name. Instead, indicate failure in this case. This commit sneaks in a small, unrelated change in behaviour. If the first argument of X509_NAME_set(3) was NULL, the function used to return failure. Now it crashes the program by accessing the NULL pointer, for compatibility with the same change in OpenSSL. This merges the following two commits from the OpenSSL-1.1.1 branch, which is still available under a free license: 1. 180794c5 Rich Salz Sep 3 11:33:34 2017 -0400 2. c1c1783d Richard Levitte May 17 09:53:14 2018 +0200 OK tb@ --- lib/libcrypto/asn1/x_name.c | 22 ++++++++-------------- 1 file changed, 8 insertions(+), 14 deletions(-) diff --git a/lib/libcrypto/asn1/x_name.c b/lib/libcrypto/asn1/x_name.c index 4bf184252f1..0961ee33ebb 100644 --- a/lib/libcrypto/asn1/x_name.c +++ b/lib/libcrypto/asn1/x_name.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x_name.c,v 1.34 2018/02/20 17:09:20 jsing Exp $ */ +/* $OpenBSD: x_name.c,v 1.35 2021/07/04 11:38:37 schwarze Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -626,19 +626,13 @@ i2d_name_canon(STACK_OF(STACK_OF_X509_NAME_ENTRY) *_intname, unsigned char **in) int X509_NAME_set(X509_NAME **xn, X509_NAME *name) { - X509_NAME *in; - - if (!xn || !name) - return (0); - - if (*xn != name) { - in = X509_NAME_dup(name); - if (in != NULL) { - X509_NAME_free(*xn); - *xn = in; - } - } - return (*xn != NULL); + if (*xn == name) + return *xn != NULL; + if ((name = X509_NAME_dup(name)) == NULL) + return 0; + X509_NAME_free(*xn); + *xn = name; + return 1; } int -- 2.20.1