authorMichael Brown <mcb30@ipxe.org>2024-08-14 14:00:48 +0100
committerMichael Brown <mcb30@ipxe.org>2024-08-14 14:07:41 +0100
commit9d9465b140cf59750f97995c501d054d2543c29a (patch)
treee3e42bc86a9c46603b6491a5800d3e21ca31f74b
parent97635eb71b5ad7e81e79f32fef5f4394bcee0722 (diff)
downloadipxe-9d9465b140cf59750f97995c501d054d2543c29a.tar.gz
[crypto] Fix debug name for empty certificate chain validators
An attempt to use a validator for an empty certificate chain will correctly fail the overall validation with the "empty certificate chain" error propagated from x509_auto_append(). In a debug build, the call to validator_name() will attempt to call x509_name() on a non-existent certificate, resulting in garbage in the debug message. Fix by checking for the special case of an empty certificate chain. This issue does not affect non-debug builds, since validator_name() is (as per its description) called only for debug messages. Signed-off-by: Michael Brown <mcb30@ipxe.org>
-rw-r--r--src/net/validator.c6
1 files changed, 4 insertions, 2 deletions
diff --git a/src/net/validator.c b/src/net/validator.c
index 69c0df333..e1371d2e6 100644
--- a/src/net/validator.c
+++ b/src/net/validator.c
@@ -135,9 +135,11 @@ struct validator {
* @ret name Validator name
*/
static const char * validator_name ( struct validator *validator ) {
+ struct x509_certificate *cert;
- /* Use name of first certificate in chain */
- return x509_name ( x509_first ( validator->chain ) );
+ /* Use name of first certificate in chain, if present */
+ cert = x509_first ( validator->chain );
+ return ( cert ? x509_name ( cert ) : "<empty>" );
}
/**
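Review bot: The header comment for validator_name() still documents `@ret name` as just "Validator name", so the new `"<empty>"` placeholder returned for a chain with no certificates is undocumented; I would change that line to `* @ret name Validator name, or "<empty>" for an empty chain`. The guard relies on x509_first() returning NULL when the chain holds no certificates, which is presumably the case but is not visible in this hunk. A short comment above the assignment, such as `/* x509_first() returns NULL for an empty chain */`, would make that assumption explicit for the next reader. The docblock begins above the hunk, so only its last two lines are visible here.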