From 427d4bdb29a60d995847513ab8337ad3b376fc75 Mon Sep 17 00:00:00 2001
From: Nalin Dahyabhai <nalin@redhat.com>
Date: May 07 2015 20:40:57 +0000
Subject: Fix a potential crash in the local signer


Avoid allocating a too-small array when the local signer goes to
generate a root certificate for the first time.  The sk_X509_num()
function returns -1 when it's passed a NULL stack. (valgrind)

---

diff --git a/src/local.c b/src/local.c
index 9186bd2..4c83a23 100644
--- a/src/local.c
+++ b/src/local.c
@@ -389,12 +389,14 @@ get_signer_info(void *parent, char *localdir, X509 ***roots,
 		fclose(fp);
 
 	}
-	*roots = talloc_array_ptrtype(parent, *roots, sk_X509_num(cas) + 1);
-	if (*roots != NULL) {
-		for (i = 0; i < sk_X509_num(cas); i++) {
-			(*roots)[i] = sk_X509_value(cas, i);
+	if (cas != NULL) {
+		*roots = talloc_array_ptrtype(parent, *roots, sk_X509_num(cas) + 1);
+		if (*roots != NULL) {
+			for (i = 0; i < sk_X509_num(cas); i++) {
+				(*roots)[i] = sk_X509_value(cas, i);
+			}
+			(*roots)[i] = NULL;
 		}
-		(*roots)[i] = NULL;
 	}
 	return CM_SUBMIT_STATUS_ISSUED;
 }