From 6902560059df490f91c2f00f0400cfbd00a84be6 Mon Sep 17 00:00:00 2001
From: Werner Koch <wk@gnupg.org>
Date: Wed, 23 Feb 2011 10:51:36 +0100
Subject: [PATCH] Fix dirmngr crash (bug#1300)

---
 dirmngr/ChangeLog   | 5 +++++
 dirmngr/certcache.c | 5 ++++-
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/dirmngr/ChangeLog b/dirmngr/ChangeLog
index c1ce3bfa6..bb40fe1ea 100644
--- a/dirmngr/ChangeLog
+++ b/dirmngr/ChangeLog
@@ -1,3 +1,8 @@
+2011-02-23  Werner Koch  <wk@g10code.com>
+
+	* certcache.c (get_cert_bysubject): Take care of a NULL argument.
+	(find_cert_bysubject): Ditto.  Fixes bug#1300.
+
 2011-02-09  Werner Koch  <wk@g10code.com>
 
 	* ks-engine-kdns.c: New but only the framework.
diff --git a/dirmngr/certcache.c b/dirmngr/certcache.c
index 1fb585ae2..3ada60dfe 100644
--- a/dirmngr/certcache.c
+++ b/dirmngr/certcache.c
@@ -652,6 +652,9 @@ get_cert_bysubject (const char *subject_dn, unsigned int seq)
   cert_item_t ci;
   int i;
 
+  if (!subject_dn)
+    return NULL;
+
   acquire_cache_read_lock ();
   for (i=0; i < 256; i++)
     {
@@ -1101,7 +1104,7 @@ find_cert_bysubject (ctrl_t ctrl, const char *subject_dn, ksba_sexp_t keyid)
      uniquely located by the following code we can use them.  This is
      for example required by Telesec certificates where a keyId is
      used but the issuer certificate comes without a subject keyId! */
-  if (ctrl->ocsp_certs)
+  if (ctrl->ocsp_certs && subject_dn)
     {
       cert_item_t ci;
       cert_ref_t cr;