Be more cautious in CertificateChain::private_key_valid.v1.6.15

author: Carl Hetherington <cth@carlh.net> 2020-03-10 22:24:46 +0100
committer: Carl Hetherington <cth@carlh.net> 2020-03-10 22:24:46 +0100
commit: 5292108cb0816789a58ac469114d53ac2a5b5bde (patch)
tree: 0675c7e4b61472478a430a4583fcef5cbc239136 /src
parent: b651392d70d7e37ce5a8a20da81d86e5d19aadd8 (diff)
1 files changed, 7 insertions, 0 deletions
diff --git a/src/certificate_chain.cc b/src/certificate_chain.cc
index 0d99d1c9..7c1dc327 100644
--- a/src/certificate_chain.cc
+++ b/src/certificate_chain.cc
@@ -500,6 +500,10 @@ CertificateChain::private_key_valid () const
 	}
 
 	RSA* private_key = PEM_read_bio_RSAPrivateKey (bio, 0, 0, 0);
+	if (!private_key) {
+		return false;
+	}
+
 	RSA* public_key = leaf().public_key ();
 
 #if OPENSSL_VERSION_NUMBER > 0x10100000L
@@ -507,6 +511,9 @@ CertificateChain::private_key_valid () const
 	RSA_get0_key(private_key, &private_key_n, 0, 0);
 	BIGNUM const * public_key_n;
 	RSA_get0_key(public_key, &public_key_n, 0, 0);
+	if (!private_key_n || !public_key_n) {
+		return false;
+	}
 	bool const valid = !BN_cmp (private_key_n, public_key_n);
 #else
 	bool const valid = !BN_cmp (private_key->n, public_key->n);
author	Carl Hetherington <cth@carlh.net>	2020-03-10 22:24:46 +0100
committer	Carl Hetherington <cth@carlh.net>	2020-03-10 22:24:46 +0100
commit	5292108cb0816789a58ac469114d53ac2a5b5bde (patch)
tree	0675c7e4b61472478a430a4583fcef5cbc239136 /src
parent	b651392d70d7e37ce5a8a20da81d86e5d19aadd8 (diff)