From 0be0b11a1d0c4029f362ab368a63bc267065b5bd Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date: Fri, 8 Apr 2016 13:48:30 +0200
Subject: _asn1_expand_object_id: addressed crash when no value is present is
 node

With a specially crafted ASN.1 description _asn1_expand_object_id,
passes a null pointer as p4->value to the function _asn1_str_cat,
which expects a pointer to a string. This patch addresses the issue.
Reported by Pascal Cuoq.
---
 lib/parser_aux.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/lib/parser_aux.c b/lib/parser_aux.c
index a42cdd2..52700c6 100644
--- a/lib/parser_aux.c
+++ b/lib/parser_aux.c
@@ -792,6 +792,9 @@ _asn1_expand_object_id (asn1_node node)
 		    {
 		      if (type_field (p4->type) == ASN1_ETYPE_CONSTANT)
 			{
+			  if (p4->value == NULL)
+			    return ASN1_VALUE_NOT_FOUND;
+
 			  if (name2[0])
 			    _asn1_str_cat (name2, sizeof (name2), ".");
 			  _asn1_str_cat (name2, sizeof (name2),
-- 
cgit v1.2.1