[Swan-dev] pluto: Fix undefined memory dereference in crt_tmp_import
Herbert Xu
herbert at gondor.apana.org.au
Thu Apr 30 11:40:13 EEST 2015
We can only dereference cc after the fin_count check as otherwise
we may dereference unallocated memory.
Signed-off-by: Herbert Xu <herbert at gondor.apana.org.au>
diff --git a/programs/pluto/nss_cert_vfy.c b/programs/pluto/nss_cert_vfy.c
index 41ec630..ae13de6 100644
--- a/programs/pluto/nss_cert_vfy.c
+++ b/programs/pluto/nss_cert_vfy.c
@@ -289,7 +289,7 @@ static int crt_tmp_import(CERTCertDBHandle *handle, CERTCertificate ***chain,
goto done;
}
- for (cc = *chain; *cc != NULL && fin_count < nonroot; cc++) {
+ for (cc = *chain; fin_count < nonroot && *cc; cc++) {
DBG(DBG_X509, DBG_log("decoded %s", (*cc)->subjectName));
fin_count++;
}
--
Email: Herbert Xu <herbert at gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
More information about the Swan-dev
mailing list