author | Matt Caswell <matt@openssl.org> | 2024-01-19 11:28:58 +0000 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2024-01-25 15:35:12 +0000 |
commit | 09df4395b5071217b76dc7d3d2e630eb8c5a79c2 (patch) | |
tree | 864b15b6e6265f7053ef8c31e16a506470900cb0 /crypto/pkcs7 | |
parent | 6c70934a46eaa1734c2efbe9d7baac51c607062e (diff) |
Add NULL checks where ContentInfo data can be NULL
PKCS12 structures contain PKCS7 ContentInfo fields. These fields are
optional and can be NULL even if the "type" is a valid value. OpenSSL
was not properly accounting for this and a NULL dereference can occur
causing a crash.
CVE-2024-0727
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23362)
(cherry picked from commit d135eeab8a5dbf72b3da5240bab9ddb7678dbd2c)
Diffstat (limited to 'crypto/pkcs7')
-rw-r--r-- | crypto/pkcs7/pk7_mime.c | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/crypto/pkcs7/pk7_mime.c b/crypto/pkcs7/pk7_mime.c
index 49a0da5f81..8228315eea 100644
--- a/crypto/pkcs7/pk7_mime.c
+++ b/crypto/pkcs7/pk7_mime.c
@@ -33,10 +33,13 @@ int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags)
 int ctype_nid = OBJ_obj2nid(p7->type);
 const PKCS7_CTX *ctx = ossl_pkcs7_get0_ctx(p7);
- if (ctype_nid == NID_pkcs7_signed)
+ if (ctype_nid == NID_pkcs7_signed) {
+ if (p7->d.sign == NULL)
+ return 0;
 mdalgs = p7->d.sign->md_algs;
- else
+ } else {
 mdalgs = NULL;
+ }
 flags ^= SMIME_OLDMIME; |
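Review bot: The new `p7->d.sign == NULL` branch in SMIME_write_PKCS7 returns 0 without putting anything on the error queue, so a caller only sees a bare failure and cannot tell an absent ContentInfo body from any other write error. Consider bracing that branch and raising an error before the return, for example `ERR_raise(ERR_LIB_PKCS7, PKCS7_R_NO_CONTENT);`, assuming the PKCS7 error header is already included in this file, which the hunk does not show. A short comment such as `/* d.sign is optional and may be NULL even when type is pkcs7-signed */` would explain why the check exists and keep it from being dropped in a later cleanup. The function body starts and ends outside the hunk, so whether `p7->d` is dereferenced again further down cannot be confirmed from here.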