From 81d7825c98eff2297afb8755a8f86ef6bd19d7e5 Mon Sep 17 00:00:00 2001
From: Jeremy Kerr <jeremy.kerr@canonical.com>
Date: Thu, 28 Jun 2012 10:18:08 +0800
Subject: [PATCH] sbsign: handle errors from PKCS7_sign_add_signer()

Rather than causing a segfault (si == NULL), report an error and exit.

Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
---
 sbsign.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/sbsign.c b/sbsign.c
index da47e90..461bf1c 100644
--- a/sbsign.c
+++ b/sbsign.c
@@ -195,6 +195,11 @@ int main(int argc, char **argv)
 
 	PKCS7_SIGNER_INFO *si = PKCS7_sign_add_signer(p7, cert,
 			pkey, md, PKCS7_BINARY);
+	if (!si) {
+		fprintf(stderr, "error in key/certificate chain\n");
+		ERR_print_errors_fp(stderr);
+		return EXIT_FAILURE;
+	}
 
 	PKCS7_content_new(p7, NID_pkcs7_data);