diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2010-06-01 14:39:57 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2010-06-01 14:39:57 +0000 |
commit | 82b6b541b1d9a3d644c96afa9ae44cc1f4c6040d (patch) | |
tree | 4f752dc9803217a4c42cddf948f0390939ffa5df | |
parent | 60a989a76e36002e0e5c6817beab53abcfce484e (diff) |
Fix CVE-2010-0742
-rw-r--r-- | CHANGES | 4 | ||||
-rw-r--r-- | crypto/cms/cms_asn1.c | 4 |
2 files changed, 6 insertions, 2 deletions
@@ -4,6 +4,10 @@ Changes between 0.9.8n and 0.9.8o [xx XXX xxxx] + *) Correct a typo in the CMS ASN1 module which can result in invalid memory + access or freeing data twice (CVE-2010-0742) + [Steve Henson, Ronald Moesbergen <intercommit@gmail.com>] + *) Add SHA2 algorithms to SSL_library_init(). SHA2 is becoming far more common in certificates and some applications which only call SSL_library_init and not OpenSSL_add_all_algorithms() will fail. diff --git a/crypto/cms/cms_asn1.c b/crypto/cms/cms_asn1.c index 7664921861..b253d54b57 100644 --- a/crypto/cms/cms_asn1.c +++ b/crypto/cms/cms_asn1.c @@ -130,8 +130,8 @@ ASN1_NDEF_SEQUENCE(CMS_SignedData) = { } ASN1_NDEF_SEQUENCE_END(CMS_SignedData) ASN1_SEQUENCE(CMS_OriginatorInfo) = { - ASN1_IMP_SET_OF_OPT(CMS_SignedData, certificates, CMS_CertificateChoices, 0), - ASN1_IMP_SET_OF_OPT(CMS_SignedData, crls, CMS_RevocationInfoChoice, 1) + ASN1_IMP_SET_OF_OPT(CMS_OriginatorInfo, certificates, CMS_CertificateChoices, 0), + ASN1_IMP_SET_OF_OPT(CMS_OriginatorInfo, crls, CMS_RevocationInfoChoice, 1) } ASN1_SEQUENCE_END(CMS_OriginatorInfo) ASN1_NDEF_SEQUENCE(CMS_EncryptedContentInfo) = { |