mirror of https://github.com/OpenVPN/openvpn3.git synced 2024-09-20 04:02:15 +02:00

OpenSSLPKI::x509_get_serial: Handle NULL result from BN_bn2dec

The BN_bn2dec() can return NULL if the input is not parseable.
This would cause the conversion of char* to std::string to throw
an exception. Instead check the result and return an empty string
on errors.

Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
Frank Lichtenheld 2023-10-25 18:18:59 +02:00 committed by David Sommerseth
parent e2f3f7509a
commit 2413ad0b53
No known key found for this signature in database
GPG Key ID: 86CF944C9671FDF2
2 changed files with 17 additions and 15 deletions


@ -198,20 +198,18 @@ static std::string x509_get_field(::X509 *cert, const int nid)
*/
static std::string x509_get_serial(::X509 *cert)
{
ASN1_INTEGER *asn1_i;
BIGNUM *bignum;
char *openssl_serial;
asn1_i = X509_get_serialNumber(cert);
bignum = ASN1_INTEGER_to_BN(asn1_i, NULL);
openssl_serial = BN_bn2dec(bignum);
const std::string ret = openssl_serial;
const ASN1_INTEGER *asn1_i = X509_get_serialNumber(cert);
BIGNUM *bignum = ASN1_INTEGER_to_BN(asn1_i, NULL);
char *openssl_serial = BN_bn2dec(bignum);
BN_free(bignum);
OPENSSL_free(openssl_serial);
return ret;
if (openssl_serial)
{
const std::string ret = openssl_serial;
OPENSSL_free(openssl_serial);
return ret;
}
return std::string();
}
/**
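Review bot: The return value of `ASN1_INTEGER_to_BN()` is still unchecked on the new line `BIGNUM *bignum = ASN1_INTEGER_to_BN(asn1_i, NULL);`, so a conversion or allocation failure passes a NULL BIGNUM to `BN_bn2dec()`, which is not documented to accept one. The serial presumably comes from a peer-supplied certificate, so this path should fail soft in the same way as the `BN_bn2dec()` case: add `if (!bignum) return std::string();` directly after that line. Separately, if constructing `ret` throws `std::bad_alloc`, `openssl_serial` is leaked. Holding it in a `std::unique_ptr` whose deleter calls `OPENSSL_free` would close that gap, assuming `<memory>` is available in this header.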


@ -1687,9 +1687,13 @@ class OpenSSLContext : public SSLFactoryAPI
switch (c.type)
{
case X509Track::SERIAL:
xts.emplace_back(X509Track::SERIAL,
depth,
OpenSSLPKI::x509_get_serial(cert));
{
std::string serial = OpenSSLPKI::x509_get_serial(cert);
if (!serial.empty())
xts.emplace_back(X509Track::SERIAL,
depth,
serial);
}
break;
case X509Track::SERIAL_HEX:
xts.emplace_back(X509Track::SERIAL_HEX,
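Review bot: A failed serial conversion is now dropped without any trace in the `X509Track::SERIAL` case: no entry is added and nothing is logged, so a consumer of the track set cannot tell a conversion failure from a serial that was never requested. If consumers rely on the serial for policy or audit (not visible in this hunk), a log line in the empty branch would make the failure diagnosable. At minimum, add a comment such as `// x509_get_serial() returns "" when OpenSSL cannot convert the serial; skip the entry`. As a style point, `serial` is not used after the call, so passing `std::move(serial)` as the last argument of `emplace_back` avoids a copy. The switch continues past the end of the hunk.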