narenas
/
opengnsys_ipxe
mirror of https://github.com/ipxe/ipxe.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

[crypto] Fix debug name for empty certificate chain validators 

An attempt to use a validator for an empty certificate chain will
correctly fail the overall validation with the "empty certificate
chain" error propagated from x509_auto_append().

In a debug build, the call to validator_name() will attempt to call
x509_name() on a non-existent certificate, resulting in garbage in the
debug message.

Fix by checking for the special case of an empty certificate chain.

This issue does not affect non-debug builds, since validator_name() is
(as per its description) called only for debug messages.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
pull/1171/head
Michael Brown 2024-08-14 14:00:48 +01:00
parent 97635eb71b
commit 9d9465b140
1 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/net/validator.c
View File

@ -135,9 +135,11 @@ struct validator {
* @ret name Validator name
*/
static const char * validator_name ( struct validator *validator ) {
struct x509_certificate *cert;
/* Use name of first certificate in chain */
return x509_name ( x509_first ( validator->chain ) );
/* Use name of first certificate in chain, if present */
cert = x509_first ( validator->chain );
return ( cert ? x509_name ( cert ) : "<empty>" );
}
/**