From 1b9271d523018476936bc22a1ef7d4f1ee4cf42c Mon Sep 17 00:00:00 2001
From: Carl Hetherington <cth@carlh.net>
Date: Tue, 10 Mar 2020 22:24:46 +0100
Subject: Be more cautious in CertificateChain::private_key_valid.

---
 src/certificate_chain.cc | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/src/certificate_chain.cc b/src/certificate_chain.cc
index ce8d14aa..2fb0f651 100644
--- a/src/certificate_chain.cc
+++ b/src/certificate_chain.cc
@@ -507,6 +507,10 @@ CertificateChain::private_key_valid () const
 	}
 
 	RSA* private_key = PEM_read_bio_RSAPrivateKey (bio, 0, 0, 0);
+	if (!private_key) {
+		return false;
+	}
+
 	RSA* public_key = leaf().public_key ();
 
 #if OPENSSL_VERSION_NUMBER > 0x10100000L
@@ -514,6 +518,9 @@ CertificateChain::private_key_valid () const
 	RSA_get0_key(private_key, &private_key_n, 0, 0);
 	BIGNUM const * public_key_n;
 	RSA_get0_key(public_key, &public_key_n, 0, 0);
+	if (!private_key_n || !public_key_n) {
+		return false;
+	}
 	bool const valid = !BN_cmp (private_key_n, public_key_n);
 #else
 	bool const valid = !BN_cmp (private_key->n, public_key->n);
-- 
cgit v1.2.3