From 9dc4bcad5124f35d5f6ff3d405985e1cc8ad3d81 Mon Sep 17 00:00:00 2001
From: Francesco Giacomini <francesco.giacomini@cnaf.infn.it>
Date: Thu, 1 Apr 2021 12:40:55 +0000
Subject: [PATCH 1/2] Check certs for NULL before dereferencing it

Fix #87
---
 src/api/ccapi/api_util.cc | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/src/api/ccapi/api_util.cc b/src/api/ccapi/api_util.cc
index 714b543c..8afc014f 100644
--- a/src/api/ccapi/api_util.cc
+++ b/src/api/ccapi/api_util.cc
@@ -609,7 +609,13 @@ X509 *vomsdata::check_from_file(AC *ac, std::ifstream &file, const std::string &
   X509_EXTENSION *ext=sk_X509_EXTENSION_value(exts, pos);
 
   AC_CERTS *certs = (AC_CERTS *)X509V3_EXT_d2i(ext);
-  STACK_OF(X509) *certstack = certs->stackcert;
+  STACK_OF(X509) *certstack = certs != NULL ? certs->stackcert : NULL;
+
+  if (certs == NULL || certstack == NULL) {
+    AC_CERTS_free(certs);
+    seterror(VERR_SIGN, "AC does not contain certificate chain");
+    return NULL;
+  }                  
 
   bool success = false;
   bool final = false;

From fdbffdebdb3da73cb4a860c1c06462a20324e6cb Mon Sep 17 00:00:00 2001
From: Francesco Giacomini <francesco.giacomini@cnaf.infn.it>
Date: Thu, 1 Apr 2021 16:57:59 +0200
Subject: [PATCH 2/2] Improve error message

---
 src/api/ccapi/api_util.cc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/api/ccapi/api_util.cc b/src/api/ccapi/api_util.cc
index 8afc014f..b4c52bff 100644
--- a/src/api/ccapi/api_util.cc
+++ b/src/api/ccapi/api_util.cc
@@ -613,7 +613,7 @@ X509 *vomsdata::check_from_file(AC *ac, std::ifstream &file, const std::string &
 
   if (certs == NULL || certstack == NULL) {
     AC_CERTS_free(certs);
-    seterror(VERR_SIGN, "AC does not contain certificate chain");
+    seterror(VERR_SIGN, "Malformed AC: the AC does not contain the issuer certificate chain");
     return NULL;
   }