diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2009-03-25 12:54:14 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2009-03-25 12:54:14 +0000 |
commit | 73ba116e963e74e3a6ed4eb8096561fbc4e4ec65 (patch) | |
tree | 85f67793b60b1b2a73adcfe807952db5e60743e8 | |
parent | 80b2ff978d4f309cea71754ae6bcc01d6b36ea20 (diff) |
Update from stable branch.
-rw-r--r-- | CHANGES | 5 | ||||
-rw-r--r-- | crypto/asn1/tasn_dec.c | 2 | ||||
-rw-r--r-- | crypto/cms/cms_smime.c | 2 |
3 files changed, 6 insertions, 3 deletions
@@ -751,6 +751,11 @@ Changes between 0.9.8j and 0.9.8k [xx XXX xxxx] + *) Don't set val to NULL when freeing up structures, it is freed up by + underlying code. If sizeof(void *) > sizeof(long) this can result in + zeroing past the valid field. (CVE-2009-0789) + [Paolo Ganci <Paolo.Ganci@AdNovum.CH>] + *) Fix bug where return value of CMS_SignerInfo_verify_content() was not checked correctly. This would allow some invalid signed attributes to appear to verify correctly. (CVE-2009-0591) diff --git a/crypto/asn1/tasn_dec.c b/crypto/asn1/tasn_dec.c index 359e9c304b..3bee439968 100644 --- a/crypto/asn1/tasn_dec.c +++ b/crypto/asn1/tasn_dec.c @@ -613,7 +613,6 @@ static int asn1_template_ex_d2i(ASN1_VALUE **val, err: ASN1_template_free(val, tt); - *val = NULL; return 0; } @@ -762,7 +761,6 @@ static int asn1_template_noexp_d2i(ASN1_VALUE **val, err: ASN1_template_free(val, tt); - *val = NULL; return 0; } diff --git a/crypto/cms/cms_smime.c b/crypto/cms/cms_smime.c index 12fc844d93..4a799eb897 100644 --- a/crypto/cms/cms_smime.c +++ b/crypto/cms/cms_smime.c @@ -419,7 +419,7 @@ int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs, for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) { si = sk_CMS_SignerInfo_value(sinfos, i); - if (!CMS_SignerInfo_verify_content(si, cmsbio)) + if (CMS_SignerInfo_verify_content(si, cmsbio) <= 0) { CMSerr(CMS_F_CMS_VERIFY, CMS_R_CONTENT_VERIFY_ERROR); |