From 68ca4b61bf43a22581ebb5649252a65633a1b680 Mon Sep 17 00:00:00 2001
From: Kazuki Yamaguchi <k@rhe.jp>
Date: Mon, 5 Sep 2016 20:51:42 +0900
Subject: pkcs12: fix .new to handle strucuture with no keys or no certs

It's possible that a PKCS #12 strucuture holds zero private keys. At
such a time PKCS12_parse() returns NULL as the private key. Likewise,
when the strucuture does not contain the corresponding certificate to
the private key, PKCS12_parse() returns NULL as the certificate.

Reported and fix suggested by Masahiro Tomita <tommy@tmtm.org>.
[ruby-dev:49776] [Bug #12726]
---
 ext/openssl/ossl_pkcs12.c | 20 +++++++++++---------
 1 file changed, 11 insertions(+), 9 deletions(-)

(limited to 'ext/openssl/ossl_pkcs12.c')

diff --git a/ext/openssl/ossl_pkcs12.c b/ext/openssl/ossl_pkcs12.c
index a7daad20..0b9c7816 100644
--- a/ext/openssl/ossl_pkcs12.c
+++ b/ext/openssl/ossl_pkcs12.c
@@ -190,15 +190,17 @@ ossl_pkcs12_initialize(int argc, VALUE *argv, VALUE self)
     if(!PKCS12_parse(pkcs, passphrase, &key, &x509, &x509s))
 	ossl_raise(ePKCS12Error, "PKCS12_parse");
     ERR_pop_to_mark();
-    pkey = rb_protect((VALUE (*)(VALUE))ossl_pkey_new, (VALUE)key,
-		      &st); /* NO DUP */
-    if(st) goto err;
-    cert = rb_protect((VALUE (*)(VALUE))ossl_x509_new, (VALUE)x509, &st);
-    if(st) goto err;
-    if(x509s){
-	ca =
-	    rb_protect((VALUE (*)(VALUE))ossl_x509_sk2ary, (VALUE)x509s, &st);
-	if(st) goto err;
+    if (key) {
+	pkey = rb_protect((VALUE (*)(VALUE))ossl_pkey_new, (VALUE)key, &st);
+	if (st) goto err;
+    }
+    if (x509) {
+	cert = rb_protect((VALUE (*)(VALUE))ossl_x509_new, (VALUE)x509, &st);
+	if (st) goto err;
+    }
+    if (x509s) {
+	ca = rb_protect((VALUE (*)(VALUE))ossl_x509_sk2ary, (VALUE)x509s, &st);
+	if (st) goto err;
     }
 
   err:
-- 
cgit v1.2.3