From: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Date: Tue, 8 Mar 2016 15:17:55 +0000 (+0100)
Subject: Catch error instead of segfaulting
X-Git-Url: https://git.proxmox.com/?p=pve-access-control.git;a=commitdiff_plain;h=449037034e2fbd5d0894a05f7369bc6bc894caa0

Catch error instead of segfaulting

when trying to parse a certificate subject, Net::SSLeay
will segfault in libcrypto when given 0 as input. Catch
this and die with a meaningful error message instead.
---

diff --git a/PVE/AccessControl.pm b/PVE/AccessControl.pm
index db31121..b42797b 100644
--- a/PVE/AccessControl.pm
+++ b/PVE/AccessControl.pm
@@ -287,8 +287,15 @@ sub read_x509_subject_spice {
 
     # read x509 subject
     my $bio = Net::SSLeay::BIO_new_file($filename, 'r');
+    die "Could not open $filename using OpenSSL\n"
+	if !$bio;
+
     my $x509 = Net::SSLeay::PEM_read_bio_X509($bio);
     Net::SSLeay::BIO_free($bio);
+
+    die "Could not parse X509 certificate in $filename\n"
+	if !$x509;
+
     my $nameobj = Net::SSLeay::X509_get_subject_name($x509);
     my $subject = Net::SSLeay::X509_NAME_oneline($nameobj);
     Net::SSLeay::X509_free($x509);