diff options
| author | Emilia Kasper <emilia@openssl.org> | 2015-02-27 16:52:23 +0100 |
|---|---|---|
| committer | Matt Caswell <matt@openssl.org> | 2015-03-19 13:01:13 +0000 |
| commit | c225c3cf9bd67297fb0c297768d69cbc03fbdab7 (patch) | |
| tree | 6a0d84b0927954eb98ddd639548af2f198296074 /crypto/pkcs7/pk7_lib.c | |
| parent | e677e8d13595f7b3287f8feef7676feb301b0e8a (diff) | |
PKCS#7: avoid NULL pointer dereferences with missing content
In PKCS#7, the ASN.1 content component is optional.
This typically applies to inner content (detached signatures),
however we must also handle unexpected missing outer content
correctly.
This patch only addresses functions reachable from parsing,
decryption and verification, and functions otherwise associated
with reading potentially untrusted data.
Correcting all low-level API calls requires further work.
CVE-2015-0289
Thanks to Michal Zalewski (Google) for reporting this issue.
Reviewed-by: Steve Henson <steve@openssl.org>
Diffstat (limited to 'crypto/pkcs7/pk7_lib.c')
| -rw-r--r-- | crypto/pkcs7/pk7_lib.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/crypto/pkcs7/pk7_lib.c b/crypto/pkcs7/pk7_lib.c index c773812756..0c5fcaa6aa 100644 --- a/crypto/pkcs7/pk7_lib.c +++ b/crypto/pkcs7/pk7_lib.c @@ -70,6 +70,7 @@ long PKCS7_ctrl(PKCS7 *p7, int cmd, long larg, char *parg) nid = OBJ_obj2nid(p7->type); switch (cmd) { + /* NOTE(emilia): does not support detached digested data. */ case PKCS7_OP_SET_DETACHED_SIGNATURE: if (nid == NID_pkcs7_signed) { ret = p7->detached = (int)larg; @@ -444,6 +445,8 @@ int PKCS7_set_digest(PKCS7 *p7, const EVP_MD *md) STACK_OF(PKCS7_SIGNER_INFO) *PKCS7_get_signer_info(PKCS7 *p7) { + if (p7 == NULL || p7->d.ptr == NULL) + return NULL; if (PKCS7_type_is_signed(p7)) { return (p7->d.sign->signer_info); } else if (PKCS7_type_is_signedAndEnveloped(p7)) { |