From ac97af223eda0358413dee5349d6912d82d891f8 Mon Sep 17 00:00:00 2001
From: Waleed Elmelegy
Date: Thu, 12 Oct 2023 15:46:06 +0100
Subject: [PATCH 1/5] Fix possible NULL dereference issue in X509 cert_req program
Signed-off-by: Waleed Elmelegy
---
 programs/x509/cert_req.c | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/programs/x509/cert_req.c b/programs/x509/cert_req.c
index 558d8cc73..bc4eb80d5 100644
--- a/programs/x509/cert_req.c
+++ b/programs/x509/cert_req.c
@@ -261,6 +261,9 @@ usage:
 if ((subtype_value = strchr(q, ':')) != NULL) {
 *subtype_value++ = '\0';
+ } else {
+ mbedtls_printf("Invalid argument for option SAN: Entry should be separated by a colon\n");
+ goto usage;
 }
 if (strcmp(q, "RFC822") == 0) {
 cur->node.type = MBEDTLS_X509_SAN_RFC822_NAME;
From 737cfe184b47472fda7305a3f90f9805dbc9de44 Mon Sep 17 00:00:00 2001
From: Waleed Elmelegy
Date: Thu, 12 Oct 2023 15:51:13 +0100
Subject: [PATCH 2/5] Add changelog entry for x509 cert_req null dereference fix
Signed-off-by: Waleed Elmelegy
---
 ChangeLog.d/fix-issue-x509-cert_req.txt | 2 ++
 1 file changed, 2 insertions(+)
 create mode 100644 ChangeLog.d/fix-issue-x509-cert_req.txt
diff --git a/ChangeLog.d/fix-issue-x509-cert_req.txt b/ChangeLog.d/fix-issue-x509-cert_req.txt
new file mode 100644
index 000000000..7e4effdf8
--- /dev/null
+++ b/ChangeLog.d/fix-issue-x509-cert_req.txt
@@ -0,0 +1,2 @@
+Bugfix
+ * Fix possible NULL dereference issue in X509 cert_req program if an entry in the san parameter is not separated by a colon.
From eade3fedb240ce288e7b0102d60709ccb1a3dc1f Mon Sep 17 00:00:00 2001
From: Waleed Elmelegy
Date: Fri, 13 Oct 2023 09:59:19 +0100
Subject: [PATCH 3/5] Fix code style issue in cert_req program
Signed-off-by: Waleed Elmelegy
---
 programs/x509/cert_req.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/programs/x509/cert_req.c b/programs/x509/cert_req.c
index bc4eb80d5..ff744a430 100644
--- a/programs/x509/cert_req.c
+++ b/programs/x509/cert_req.c
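Review bot: The `else` branch added in the PATCH 1/5 hunk of programs/x509/cert_req.c jumps to `usage` while `cur` is already live (`cur->node.type` is assigned a few lines further down), so if `cur` was heap-allocated earlier in the loop and is not yet linked into the SAN list, this exit path leaks it. The allocation is outside the hunk, so this is worth confirming; if it holds, release the node first with `mbedtls_free(cur);` ahead of `goto usage;`. The guard also tests only for the presence of the colon, so an entry such as `TYPE:` reaches the type-specific branches with an empty `subtype_value`; whether they cope with that is not visible here. A one-line comment on the branch, `/* subtype_value is dereferenced below, so a missing ':' must be rejected here */`, would record why the check exists. The enclosing loop begins and ends outside the hunk.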
@@ -262,7 +262,8 @@ usage:
 if ((subtype_value = strchr(q, ':')) != NULL) {
 *subtype_value++ = '\0';
 } else {
- mbedtls_printf("Invalid argument for option SAN: Entry should be separated by a colon\n");
+ mbedtls_printf(
+ "Invalid argument for option SAN: Entry should be separated by a colon\n");
 goto usage;
 }
 if (strcmp(q, "RFC822") == 0) {
From 0badeb45607f9dc21503433ef7db74c10c5eeaf9 Mon Sep 17 00:00:00 2001
From: Waleed Elmelegy
Date: Fri, 13 Oct 2023 10:27:13 +0100
Subject: [PATCH 4/5] Fix changelog code style issue
Signed-off-by: Waleed Elmelegy
---
 ChangeLog.d/fix-issue-x509-cert_req.txt | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/ChangeLog.d/fix-issue-x509-cert_req.txt b/ChangeLog.d/fix-issue-x509-cert_req.txt
index 7e4effdf8..3a5171b83 100644
--- a/ChangeLog.d/fix-issue-x509-cert_req.txt
+++ b/ChangeLog.d/fix-issue-x509-cert_req.txt
@@ -1,2 +1,3 @@
 Bugfix
- * Fix possible NULL dereference issue in X509 cert_req program if an entry in the san parameter is not separated by a colon.
+ * Fix possible NULL dereference issue in X509 cert_req program if an entry
+ in the san parameter is not separated by a colon.
From 9534dfd15bb8b38553c28c861bff25b2b90cfb03 Mon Sep 17 00:00:00 2001
From: David Horstmann
Date: Tue, 17 Oct 2023 14:59:31 +0100
Subject: [PATCH 5/5] Reword error message on format of SAN arguments
Signed-off-by: David Horstmann
---
 programs/x509/cert_req.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/programs/x509/cert_req.c b/programs/x509/cert_req.c
index ff744a430..7e2a6bd8e 100644
--- a/programs/x509/cert_req.c
+++ b/programs/x509/cert_req.c
@@ -263,7 +263,7 @@ usage:
 *subtype_value++ = '\0';
 } else {
 mbedtls_printf(
- "Invalid argument for option SAN: Entry should be separated by a colon\n");
+ "Invalid argument for option SAN: Entry must be of the form TYPE:value\n");
 goto usage;
 }
 if (strcmp(q, "RFC822") == 0) {