Add NULL check before accessing PKCS7 encrypted algorithm

Printing content of an invalid test certificate causes application crash, because of NULL dereference: user@user:~/openssl$ openssl pkcs12 -in test/recipes/80-test_pkcs12_data/bad2.p12 -passin pass: -info MAC: sha256, Iteration 2048 MAC length: 32, salt length: 8 PKCS7 Encrypted data: Segmentation fault (core dumped) Added test cases for pkcs12 bad certificates Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23632)
author: Viliam Lejčík <lejcik@gmail.com> 2024-02-19 21:39:05 +0100
committer: Tomas Mraz <tomas@openssl.org> 2024-03-25 18:26:24 +0100
commit: a4cbffcd8998180b98bb9f7ce6065ed37d079d8b (patch)
tree: f37869b64e67b54d8d516e8233e8732099f5d0c0 /apps
parent: 87e747000fef07c9ec43877bc5e9f2ca34f76a3b (diff)
1 files changed, 5 insertions, 1 deletions
diff --git a/apps/pkcs12.c b/apps/pkcs12.c
index 117b673643..64bd8f53cd 100644
--- a/apps/pkcs12.c
+++ b/apps/pkcs12.c
@@ -901,7 +901,11 @@ int dump_certs_keys_p12(BIO *out, const PKCS12 *p12, const char *pass,
         } else if (bagnid == NID_pkcs7_encrypted) {
             if (options & INFO) {
                 BIO_printf(bio_err, "PKCS7 Encrypted data: ");
-                alg_print(p7->d.encrypted->enc_data->algorithm);
+                if (p7->d.encrypted == NULL) {
+                    BIO_printf(bio_err, "<no data>\n");
+                } else {
+                    alg_print(p7->d.encrypted->enc_data->algorithm);
+                }
             }
             bags = PKCS12_unpack_p7encdata(p7, pass, passlen);
         } else {
author	Viliam Lejčík <lejcik@gmail.com>	2024-02-19 21:39:05 +0100
committer	Tomas Mraz <tomas@openssl.org>	2024-03-25 18:26:24 +0100
commit	a4cbffcd8998180b98bb9f7ce6065ed37d079d8b (patch)
tree	f37869b64e67b54d8d516e8233e8732099f5d0c0 /apps
parent	87e747000fef07c9ec43877bc5e9f2ca34f76a3b (diff)