From 3442c699119ef48a21714d11f6fb2954f6b0716d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
Date: Fri, 4 Jan 2019 20:28:35 +0100
Subject: [PATCH] Make sure null atributes are never used

Add INSIST to pubattr fetching where null might occur in therory. Make
sure null is never dereferenced.

(cherry picked from commit fe9ef0d9f57a2e3f2902cf93d5f00aac3286dd99)
---
 lib/dns/pkcs11ecdsa_link.c | 2 ++
 lib/dns/pkcs11rsa_link.c   | 2 ++
 2 files changed, 4 insertions(+)

diff --git a/lib/dns/pkcs11ecdsa_link.c b/lib/dns/pkcs11ecdsa_link.c
index 4a39cc4683..e2e09c0a9f 100644
--- a/lib/dns/pkcs11ecdsa_link.c
+++ b/lib/dns/pkcs11ecdsa_link.c
@@ -838,6 +838,7 @@ pkcs11ecdsa_fetch(dst_key_t *key, const char *engine, const char *label,
 
 	attr->type = CKA_EC_PARAMS;
 	pubattr = pk11_attribute_bytype(pubec, CKA_EC_PARAMS);
+	INSIST(pubattr != NULL);
 	attr->pValue = isc_mem_get(key->mctx, pubattr->ulValueLen);
 	if (attr->pValue == NULL)
 		DST_RET(ISC_R_NOMEMORY);
@@ -847,6 +848,7 @@ pkcs11ecdsa_fetch(dst_key_t *key, const char *engine, const char *label,
 
 	attr->type = CKA_EC_POINT;
 	pubattr = pk11_attribute_bytype(pubec, CKA_EC_POINT);
+	INSIST(pubattr != NULL);
 	attr->pValue = isc_mem_get(key->mctx, pubattr->ulValueLen);
 	if (attr->pValue == NULL)
 		DST_RET(ISC_R_NOMEMORY);
diff --git a/lib/dns/pkcs11rsa_link.c b/lib/dns/pkcs11rsa_link.c
index dce62042e8..096c1a8e91 100644
--- a/lib/dns/pkcs11rsa_link.c
+++ b/lib/dns/pkcs11rsa_link.c
@@ -1748,6 +1748,7 @@ pkcs11rsa_fetch(dst_key_t *key, const char *engine, const char *label,
 
 	attr->type = CKA_MODULUS;
 	pubattr = pk11_attribute_bytype(pubrsa, CKA_MODULUS);
+	INSIST(pubattr != NULL);
 	attr->pValue = isc_mem_get(key->mctx, pubattr->ulValueLen);
 	if (attr->pValue == NULL)
 		DST_RET(ISC_R_NOMEMORY);
@@ -1757,6 +1758,7 @@ pkcs11rsa_fetch(dst_key_t *key, const char *engine, const char *label,
 
 	attr->type = CKA_PUBLIC_EXPONENT;
 	pubattr = pk11_attribute_bytype(pubrsa, CKA_PUBLIC_EXPONENT);
+	INSIST(pubattr != NULL);
 	attr->pValue = isc_mem_get(key->mctx, pubattr->ulValueLen);
 	if (attr->pValue == NULL)
 		DST_RET(ISC_R_NOMEMORY);