Closed arsing closed 11 months ago
Cherry-pick from main of 7482a00c0a18ae4e7cfcdefcdde4a0c195b94268
The original code did not handle two cases of nullptr deref when parsing an EST server's PKCS#7 response:
If the PKCS#7 blob was not of "signed" type, then aziot_certd_pkcs7_to_x509 would return NULL and the Rust caller would deref it regardless.
aziot_certd_pkcs7_to_x509
NULL
If the PKCS#7 blob was of "signed" type but its d.sign pointer was NULL, the C code would deref it regardless.
d.sign
Also, openssl-sys does have bindings for the related types now, so the code can be written in Rust instead of C.
So this change moves that code from C to Rust and fixes the two derefs.
Cherry-pick from main of 7482a00c0a18ae4e7cfcdefcdde4a0c195b94268
The original code did not handle two cases of nullptr deref when parsing an EST server's PKCS#7 response:
If the PKCS#7 blob was not of "signed" type, then
aziot_certd_pkcs7_to_x509would returnNULLand the Rust caller would deref it regardless.If the PKCS#7 blob was of "signed" type but its
d.signpointer wasNULL, the C code would deref it regardless.Also, openssl-sys does have bindings for the related types now, so the code can be written in Rust instead of C.
So this change moves that code from C to Rust and fixes the two derefs.