PKCS#7: X.509 certificate issuer and subject are mandatory fields in the ASN.1
authorDavid Howells <dhowells@redhat.com>
Thu, 31 Jul 2014 13:46:44 +0000 (14:46 +0100)
committerDavid Howells <dhowells@redhat.com>
Thu, 31 Jul 2014 13:46:44 +0000 (14:46 +0100)
X.509 certificate issuer and subject fields are mandatory fields in the ASN.1
and so their existence needn't be tested for.  They are guaranteed to end up
with an empty string if the name material has nothing we can use (see
x509_fabricate_name()).

Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Vivek Goyal <vgoyal@redhat.com>
crypto/asymmetric_keys/pkcs7_verify.c

index 51ff36f3a9131e12584c93097900e40b4c1cfc3a..c62cf8006e1f4e8d160e7cc6423b31d318ed58cc 100644 (file)
@@ -190,14 +190,12 @@ static int pkcs7_verify_sig_chain(struct pkcs7_message *pkcs7,
                if (ret < 0)
                        return ret;
 
-               if (x509->issuer)
-                       pr_debug("- issuer %s\n", x509->issuer);
+               pr_debug("- issuer %s\n", x509->issuer);
                if (x509->authority)
                        pr_debug("- authkeyid %s\n", x509->authority);
 
                if (!x509->authority ||
-                   (x509->subject &&
-                    strcmp(x509->subject, x509->issuer) == 0)) {
+                   strcmp(x509->subject, x509->issuer) == 0) {
                        /* If there's no authority certificate specified, then
                         * the certificate must be self-signed and is the root
                         * of the chain.  Likewise if the cert is its own