Merge pull request #8351 from waleed-elmelegy-arm/fix-null-dereference-in-x509-cert-req Fix possible NULL dereference issue in X509 cert_req program

commit: d44ee9e6d13ff10b99a55150d1d0b3d2a5b2013c [log] [tgz]
author: Paul Elliott <62069445+paul-elliott-arm@users.noreply.github.com> Wed Oct 18 09:01:31 2023 +0000
committer: GitHub <noreply@github.com> Wed Oct 18 09:01:31 2023 +0000
tree: d4f950ebd5bd2b9157ac73e03ee9dd20e42a4062
parent: c6d633ffbc1033f93b019cc75e135244ba573b4c [diff]
parent: 9534dfd15bb8b38553c28c861bff25b2b90cfb03 [diff]
diff --git a/ChangeLog.d/fix-issue-x509-cert_req.txt b/ChangeLog.d/fix-issue-x509-cert_req.txt
new file mode 100644
index 0000000..3a5171b
--- /dev/null
+++ b/ChangeLog.d/fix-issue-x509-cert_req.txt

@@ -0,0 +1,3 @@
+Bugfix
+   * Fix possible NULL dereference issue in X509 cert_req program if an entry
+     in the san parameter is not separated by a colon.

diff --git a/programs/x509/cert_req.c b/programs/x509/cert_req.c
index 558d8cc..7e2a6bd 100644
--- a/programs/x509/cert_req.c
+++ b/programs/x509/cert_req.c

@@ -261,6 +261,10 @@
 
                 if ((subtype_value = strchr(q, ':')) != NULL) {
                     *subtype_value++ = '\0';
+                } else {
+                    mbedtls_printf(
+                        "Invalid argument for option SAN: Entry must be of the form TYPE:value\n");
+                    goto usage;
                 }
                 if (strcmp(q, "RFC822") == 0) {
                     cur->node.type = MBEDTLS_X509_SAN_RFC822_NAME;
commit	d44ee9e6d13ff10b99a55150d1d0b3d2a5b2013c	[log] [tgz]
author	Paul Elliott <62069445+paul-elliott-arm@users.noreply.github.com>	Wed Oct 18 09:01:31 2023 +0000
committer	GitHub <noreply@github.com>	Wed Oct 18 09:01:31 2023 +0000
tree	d4f950ebd5bd2b9157ac73e03ee9dd20e42a4062
parent	c6d633ffbc1033f93b019cc75e135244ba573b4c [diff]
parent	9534dfd15bb8b38553c28c861bff25b2b90cfb03 [diff]