BoringSSL: Fix PKCS12_parse() segfault when used without password

Unlike OpenSSL PKCS12_parse(), the BoringSSL version seems to require
the password pointer to be non-NULL even if no password is present. Map
passwd == NULL to passwd = "" to avoid a NULL pointer dereference
within BoringSSL.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen 2015-08-18 02:06:02 +03:00 committed by Jouni Malinen
parent a89beee589
commit c07e7b43e9

@ -2076,6 +2076,8 @@ static int tls_parse_pkcs12(SSL_CTX *ssl_ctx, SSL *ssl, PKCS12 *p12,
pkey = NULL; pkey = NULL;
cert = NULL; cert = NULL;
certs = NULL; certs = NULL;
if (!passwd)
passwd = "";
if (!PKCS12_parse(p12, passwd, &pkey, &cert, &certs)) { if (!PKCS12_parse(p12, passwd, &pkey, &cert, &certs)) {
tls_show_errors(MSG_DEBUG, __func__, tls_show_errors(MSG_DEBUG, __func__,
"Failed to parse PKCS12 file"); "Failed to parse PKCS12 file");
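
Review bot: the new `if (!passwd) passwd = "";` fallback just before the PKCS12_parse() call carries no comment, and it is applied unconditionally although the commit message ties the problem to BoringSSL only. Add a short comment above the check saying that BoringSSL dereferences a NULL password, so the two lines are not later removed as redundant. If the OpenSSL path is meant to keep receiving NULL, put the check under `#ifdef OPENSSL_IS_BORINGSSL`. The commit message also says BoringSSL only "seems to" require a non-NULL pointer, so it is worth confirming against the BoringSSL source that an empty string is handled the same way as a missing password there.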