From 386ed2d5904566cbc455a50ee7a57d70385e1f02 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Tue, 22 Apr 2014 23:24:31 +0200
Subject: gtls: fix NULL pointer dereference

gnutls_x509_crt_import() must not be called with a NULL certificate

Bug: http://curl.haxx.se/mail/lib-2014-04/0145.html
Reported-by: Damian Dixon
---
 lib/vtls/gtls.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

(limited to 'lib')

diff --git a/lib/vtls/gtls.c b/lib/vtls/gtls.c
index 2a9878715..d6849cebc 100644
--- a/lib/vtls/gtls.c
+++ b/lib/vtls/gtls.c
@@ -735,9 +735,10 @@ gtls_connect_step3(struct connectdata *conn,
   /* initialize an X.509 certificate structure. */
   gnutls_x509_crt_init(&x509_cert);
 
-  /* convert the given DER or PEM encoded Certificate to the native
-     gnutls_x509_crt_t format */
-  gnutls_x509_crt_import(x509_cert, chainp, GNUTLS_X509_FMT_DER);
+  if(chainp)
+    /* convert the given DER or PEM encoded Certificate to the native
+       gnutls_x509_crt_t format */
+    gnutls_x509_crt_import(x509_cert, chainp, GNUTLS_X509_FMT_DER);
 
   if(data->set.ssl.issuercert) {
     gnutls_x509_crt_init(&x509_issuer);
-- 
cgit v1.2.3