From 9d9465b140cf59750f97995c501d054d2543c29a Mon Sep 17 00:00:00 2001
From: Michael Brown
Date: Wed, 14 Aug 2024 14:00:48 +0100
Subject: [crypto] Fix debug name for empty certificate chain validators

An attempt to use a validator for an empty certificate chain will correctly fail the overall validation with the "empty certificate chain" error propagated from x509_auto_append(). In a debug build, the call to validator_name() will attempt to call x509_name() on a non-existent certificate, resulting in garbage in the debug message. Fix by checking for the special case of an empty certificate chain. This issue does not affect non-debug builds, since validator_name() is (as per its description) called only for debug messages.

Signed-off-by: Michael Brown
---
 src/net/validator.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/src/net/validator.c b/src/net/validator.c
index 69c0df333..e1371d2e6 100644
--- a/src/net/validator.c
+++ b/src/net/validator.c
@@ -135,9 +135,11 @@ struct validator {
 * @ret name Validator name
 */
 static const char * validator_name ( struct validator *validator ) {
+ struct x509_certificate *cert;
- /* Use name of first certificate in chain */
- return x509_name ( x509_first ( validator->chain ) );
+ /* Use name of first certificate in chain, if present */
+ cert = x509_first ( validator->chain );
+ return ( cert ? x509_name ( cert ) : "" );
 }
 /**
-- cgit
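Review bot: The fallback in the new `return` line is, as rendered on this page, the empty literal `""`, so a debug message for an empty-chain validator prints a blank name that cannot be told apart from a certificate whose name is genuinely empty. A visible marker would make the failure case obvious in logs, for example `return ( cert ? x509_name ( cert ) : "<empty chain>" );` (the marker text is a suggestion only). The fix also depends on x509_first() returning NULL for an empty chain, which is defined outside this hunk, so the doc comment should state the contract, e.g. `@ret name  Validator name (placeholder if chain is empty)`. The function's doc comment begins above the hunk, so only its last two lines are visible here.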