From 449037034e2fbd5d0894a05f7369bc6bc894caa0 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Fabian=20Gr=C3=BCnbichler?= <f.gruenbichler@proxmox.com>
Date: Tue, 8 Mar 2016 16:17:55 +0100
Subject: [PATCH] Catch error instead of segfaulting

when trying to parse a certificate subject, Net::SSLeay
will segfault in libcrypto when given 0 as input. Catch
this and die with a meaningful error message instead.
---
 PVE/AccessControl.pm | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/PVE/AccessControl.pm b/PVE/AccessControl.pm
index db31121..b42797b 100644
--- a/PVE/AccessControl.pm
+++ b/PVE/AccessControl.pm
@@ -287,8 +287,15 @@ sub read_x509_subject_spice {
 
     # read x509 subject
     my $bio = Net::SSLeay::BIO_new_file($filename, 'r');
+    die "Could not open $filename using OpenSSL\n"
+	if !$bio;
+
     my $x509 = Net::SSLeay::PEM_read_bio_X509($bio);
     Net::SSLeay::BIO_free($bio);
+
+    die "Could not parse X509 certificate in $filename\n"
+	if !$x509;
+
     my $nameobj = Net::SSLeay::X509_get_subject_name($x509);
     my $subject = Net::SSLeay::X509_NAME_oneline($nameobj);
     Net::SSLeay::X509_free($x509);
-- 
2.39.2