OpenSSLPKI::x509_get_serial: Handle NULL result from BN_bn2dec
BN_bn2dec() can return NULL if the input is not parseable. This would cause the conversion of char* to std::string to throw an exception. Instead, check the result and return an empty string on errors.

Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
parent
e2f3f7509a
commit
2413ad0b53
@ -198,20 +198,18 @@ static std::string x509_get_field(::X509 *cert, const int nid)
|
||||
*/
|
||||
static std::string x509_get_serial(::X509 *cert)
|
||||
{
|
||||
ASN1_INTEGER *asn1_i;
|
||||
BIGNUM *bignum;
|
||||
char *openssl_serial;
|
||||
|
||||
asn1_i = X509_get_serialNumber(cert);
|
||||
bignum = ASN1_INTEGER_to_BN(asn1_i, NULL);
|
||||
openssl_serial = BN_bn2dec(bignum);
|
||||
|
||||
const std::string ret = openssl_serial;
|
||||
|
||||
const ASN1_INTEGER *asn1_i = X509_get_serialNumber(cert);
|
||||
BIGNUM *bignum = ASN1_INTEGER_to_BN(asn1_i, NULL);
|
||||
char *openssl_serial = BN_bn2dec(bignum);
|
||||
BN_free(bignum);
|
||||
OPENSSL_free(openssl_serial);
|
||||
|
||||
return ret;
|
||||
if (openssl_serial)
|
||||
{
|
||||
const std::string ret = openssl_serial;
|
||||
OPENSSL_free(openssl_serial);
|
||||
return ret;
|
||||
}
|
||||
return std::string();
|
||||
}
|
||||
|
||||
/**
|
||||
|
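Review bot: The result of `ASN1_INTEGER_to_BN(asn1_i, NULL)` is still handed to `BN_bn2dec()` unchecked, although that call is documented to return NULL on error too, so the new guard on `openssl_serial` covers only the second of the two conversions. The certificate presumably comes from the peer, so I would add `if (!bignum) return std::string();` directly after the `ASN1_INTEGER_to_BN` line rather than rely on how `BN_bn2dec()` treats a NULL argument. Separately, `const std::string ret = openssl_serial;` can throw on allocation failure before `OPENSSL_free(openssl_serial)` runs, which would leak the buffer; holding it in a `std::unique_ptr` whose deleter calls `OPENSSL_free` would close that path. The function's doc comment also deserves one added sentence: `Returns an empty string if the serial number cannot be converted.`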
@ -1687,9 +1687,13 @@ class OpenSSLContext : public SSLFactoryAPI
|
||||
switch (c.type)
|
||||
{
|
||||
case X509Track::SERIAL:
|
||||
xts.emplace_back(X509Track::SERIAL,
|
||||
depth,
|
||||
OpenSSLPKI::x509_get_serial(cert));
|
||||
{
|
||||
std::string serial = OpenSSLPKI::x509_get_serial(cert);
|
||||
if (!serial.empty())
|
||||
xts.emplace_back(X509Track::SERIAL,
|
||||
depth,
|
||||
serial);
|
||||
}
|
||||
break;
|
||||
case X509Track::SERIAL_HEX:
|
||||
xts.emplace_back(X509Track::SERIAL_HEX,
|
||||
|
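Review bot: The `X509Track::SERIAL` case now drops the entry silently when `x509_get_serial()` returns an empty string, and nothing at the call site says so. Whatever consumes `xts` can then no longer tell "serial could not be read" from "serial not tracked", which matters if these attributes feed an authorization or audit decision; that consumer is not visible here. I would add a comment above the `if`, such as `// empty means the serial could not be converted; omit the entry instead of recording ""`, and consider logging the failure. The multi-line `xts.emplace_back(...)` under `if (!serial.empty())` would be safer in braces, and its last argument could be `std::move(serial)`. The enclosing `switch` continues outside the hunk, so the `SERIAL_HEX` case may need the same handling.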