Properly check EVP_VerifyFinal() and similar return values

(CVE-2008-5077). Submitted by: Ben Laurie, Bodo Moeller, Google Security Team
author: Dr. Stephen Henson <steve@openssl.org> 2009-01-07 10:48:23 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2009-01-07 10:48:23 +0000
commit: a00c3c4019a4bc0fa938b7dd3c0cd8e95cdc6943 (patch)
tree: 97dc675154f89679d944819529935c988924a301 /crypto/cms
parent: f4677b79609a17b125c46a8bc9899be94ac65919 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/crypto/cms/cms_sd.c b/crypto/cms/cms_sd.c
index 591bfbec33..cdac3b870d 100644
--- a/crypto/cms/cms_sd.c
+++ b/crypto/cms/cms_sd.c
@@ -830,7 +830,7 @@ int CMS_SignerInfo_verify(CMS_SignerInfo *si)
 	cms_fixup_mctx(&mctx, si->pkey);
 	r = EVP_VerifyFinal(&mctx,
 			si->signature->data, si->signature->length, si->pkey);
-	if (!r)
+	if (r <= 0)
 		CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY, CMS_R_VERIFICATION_FAILURE);
 	err:
 	EVP_MD_CTX_cleanup(&mctx);
author	Dr. Stephen Henson <steve@openssl.org>	2009-01-07 10:48:23 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2009-01-07 10:48:23 +0000
commit	a00c3c4019a4bc0fa938b7dd3c0cd8e95cdc6943 (patch)
tree	97dc675154f89679d944819529935c988924a301 /crypto/cms
parent	f4677b79609a17b125c46a8bc9899be94ac65919 (diff)