pluto: Avoid potential null-pointer dereference when checking CRLs.
authorTobias Brunner <tobias@strongswan.org>
Mon, 18 Apr 2011 14:35:04 +0000 (16:35 +0200)
committerTobias Brunner <tobias@strongswan.org>
Tue, 19 Apr 2011 11:48:50 +0000 (13:48 +0200)
src/pluto/crl.c

index 932bbb9..38db0f2 100644 (file)
@@ -425,7 +425,8 @@ cert_status_t verify_by_crl(cert_t *cert, time_t *until, time_t *revocationDate,
                lock_authcert_list("verify_by_crl");
 
                issuer_cert = get_authcert(issuer, authKeyID, X509_CA);
-               trusted = cert_crl->issued_by(cert_crl, issuer_cert->cert);
+               trusted = issuer_cert ? cert_crl->issued_by(cert_crl, issuer_cert->cert)
+                                                         : FALSE;
 
                unlock_authcert_list("verify_by_crl");