diff options
author | Viliam Lejčík <lejcik@gmail.com> | 2024-02-19 21:39:05 +0100 |
---|---|---|
committer | Tomas Mraz <tomas@openssl.org> | 2024-03-25 18:29:10 +0100 |
commit | 95dfb4244a8b6f23768714619f4f4640d51dc3ff (patch) | |
tree | 2c2d73b5d57b8fcfe2d9f852dd06c58ca60b0d74 /apps | |
parent | 99a1c93efa751f8c9ee06aafe877a2d8bdbdf990 (diff) |
Add NULL check before accessing PKCS7 encrypted algorithm
Printing content of an invalid test certificate causes application crash, because of NULL dereference:
user@user:~/openssl$ openssl pkcs12 -in test/recipes/80-test_pkcs12_data/bad2.p12 -passin pass: -info
MAC: sha256, Iteration 2048
MAC length: 32, salt length: 8
PKCS7 Encrypted data: Segmentation fault (core dumped)
Added test cases for pkcs12 bad certificates
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23632)
(cherry picked from commit a4cbffcd8998180b98bb9f7ce6065ed37d079d8b)
Diffstat (limited to 'apps')
-rw-r--r-- | apps/pkcs12.c | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/apps/pkcs12.c b/apps/pkcs12.c index b442d358f8..af4f9fce04 100644 --- a/apps/pkcs12.c +++ b/apps/pkcs12.c @@ -855,7 +855,11 @@ int dump_certs_keys_p12(BIO *out, const PKCS12 *p12, const char *pass, } else if (bagnid == NID_pkcs7_encrypted) { if (options & INFO) { BIO_printf(bio_err, "PKCS7 Encrypted data: "); - alg_print(p7->d.encrypted->enc_data->algorithm); + if (p7->d.encrypted == NULL) { + BIO_printf(bio_err, "<no data>\n"); + } else { + alg_print(p7->d.encrypted->enc_data->algorithm); + } } bags = PKCS12_unpack_p7encdata(p7, pass, passlen); } else { |