From 476c1198e8a5e31b9674da98e58061a84a677711 Mon Sep 17 00:00:00 2001
From: Waleed Elmelegy
Date: Thu, 12 Oct 2023 14:19:25 +0100
Subject: [PATCH 1/5] Fix possible NULL dereference issue in X509 cert_write program
Signed-off-by: Waleed Elmelegy
---
 programs/x509/cert_write.c | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c
index 40b1871f3..5e0d608bc 100644
--- a/programs/x509/cert_write.c
+++ b/programs/x509/cert_write.c
@@ -583,6 +583,9 @@ usage:
 if ((subtype_value = strchr(q, ':')) != NULL) {
 *subtype_value++ = '\0';
+ } else {
+ mbedtls_printf("Invalid argument for option SAN: Entry should be seperated by a colon\n");
+ goto usage;
 }
 if (strcmp(q, "RFC822") == 0) {
 cur->node.type = MBEDTLS_X509_SAN_RFC822_NAME;
From 1444c0eb20163cf4979902572c08e9e720a9a310 Mon Sep 17 00:00:00 2001
From: Waleed Elmelegy
Date: Thu, 12 Oct 2023 14:31:06 +0100
Subject: [PATCH 2/5] Add changelog entry for x509 cert_write null dereference fix Also fix a typo in cert_write.c
Signed-off-by: Waleed Elmelegy
---
 ChangeLog.d/fix-issue-x509-cert_write.txt | 2 ++
 programs/x509/cert_write.c | 2 +-
 2 files changed, 3 insertions(+), 1 deletion(-)
 create mode 100644 ChangeLog.d/fix-issue-x509-cert_write.txt
diff --git a/ChangeLog.d/fix-issue-x509-cert_write.txt b/ChangeLog.d/fix-issue-x509-cert_write.txt
new file mode 100644
index 000000000..7e1f31d2e
--- /dev/null
+++ b/ChangeLog.d/fix-issue-x509-cert_write.txt
@@ -0,0 +1,2 @@
+Bugfix
+ * Fix possible NULL dereference issue in X509 cert_write program if an entry in the san parameter is not separated by a colon.
diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c
index 5e0d608bc..19215c954 100644
--- a/programs/x509/cert_write.c
+++ b/programs/x509/cert_write.c
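Review bot: In the cert_write.c hunk of PATCH 1/5 (`@@ -583,6 +583,9 @@`), the new `else` branch rejects an entry with no colon, but an entry that ends at the colon (a type with nothing after it) still passes, leaving `subtype_value` pointing at an empty string when the `strcmp(q, ...)` chain runs. The hunk does not show whether each per-type branch rejects an empty value, so an explicit check right after the split would close the gap, e.g. `if (*subtype_value == '\0') { /* print the same SAN error */ goto usage; }`. Separately, `cur` is already in use at this point (it is written on the next line); if it was allocated earlier in the loop, which is outside the hunk, the new `goto usage` exit should be checked for releasing it. The enclosing block starts and ends outside the hunk.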
@@ -584,7 +584,7 @@ usage:
 if ((subtype_value = strchr(q, ':')) != NULL) {
 *subtype_value++ = '\0';
 } else {
- mbedtls_printf("Invalid argument for option SAN: Entry should be seperated by a colon\n");
+ mbedtls_printf("Invalid argument for option SAN: Entry should be separated by a colon\n");
 goto usage;
 }
 if (strcmp(q, "RFC822") == 0) {
From 5867465e9093c1e8b6846f48ed33da8a5ec1b4af Mon Sep 17 00:00:00 2001
From: Waleed Elmelegy
Date: Fri, 13 Oct 2023 10:03:12 +0100
Subject: [PATCH 3/5] Fix code style issue in cert_write program
Signed-off-by: Waleed Elmelegy
---
 programs/x509/cert_write.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c
index 19215c954..8bee0a666 100644
--- a/programs/x509/cert_write.c
+++ b/programs/x509/cert_write.c
@@ -584,7 +584,8 @@ usage:
 if ((subtype_value = strchr(q, ':')) != NULL) {
 *subtype_value++ = '\0';
 } else {
- mbedtls_printf("Invalid argument for option SAN: Entry should be separated by a colon\n");
+ mbedtls_printf(
+ "Invalid argument for option SAN: Entry should be separated by a colon\n");
 goto usage;
 }
 if (strcmp(q, "RFC822") == 0) {
From 107c60c765b9fdc7832612cc199648732b3943dc Mon Sep 17 00:00:00 2001
From: Waleed Elmelegy
Date: Fri, 13 Oct 2023 10:25:58 +0100
Subject: [PATCH 4/5] Fix changelog style issue
Signed-off-by: Waleed Elmelegy
---
 ChangeLog.d/fix-issue-x509-cert_write.txt | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/ChangeLog.d/fix-issue-x509-cert_write.txt b/ChangeLog.d/fix-issue-x509-cert_write.txt
index 7e1f31d2e..43d67c21d 100644
--- a/ChangeLog.d/fix-issue-x509-cert_write.txt
+++ b/ChangeLog.d/fix-issue-x509-cert_write.txt
@@ -1,2 +1,3 @@
 Bugfix
- * Fix possible NULL dereference issue in X509 cert_write program if an entry in the san parameter is not separated by a colon.
+ * Fix possible NULL dereference issue in X509 cert_write program if an entry
+ in the san parameter is not separated by a colon.
From 4a493b267f55b21bf056af363f942862f7a9a754 Mon Sep 17 00:00:00 2001
From: David Horstmann
Date: Tue, 17 Oct 2023 14:57:23 +0100
Subject: [PATCH 5/5] Reword error message on format of SAN arguments
Signed-off-by: David Horstmann
---
 programs/x509/cert_write.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c
index 8bee0a666..d8660dc95 100644
--- a/programs/x509/cert_write.c
+++ b/programs/x509/cert_write.c
@@ -585,7 +585,7 @@ usage:
 *subtype_value++ = '\0';
 } else {
 mbedtls_printf(
- "Invalid argument for option SAN: Entry should be separated by a colon\n");
+ "Invalid argument for option SAN: Entry must be of the form TYPE:value\n");
 goto usage;
 }
 if (strcmp(q, "RFC822") == 0) {
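Review bot: The reworded message in `@@ -585,7 +585,7 @@` states the expected form but not which entry failed, which makes the error harder to act on if the SAN option can carry several entries (the surrounding loop is outside the hunk). On this branch no colon was found, so `q` should still hold the whole entry as given and can be echoed: `"Invalid argument for option SAN: Entry '%s' must be of the form TYPE:value\n", q`. Passing it as a `%s` argument, not concatenated into the format string, keeps user-supplied text out of the format. The enclosing block starts and ends outside the hunk.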