summaryrefslogtreecommitdiffstats
path: root/crypto/pkcs7
diff options
context:
space:
mode:
authorMatt Caswell <matt@openssl.org>2024-01-19 11:28:58 +0000
committerMatt Caswell <matt@openssl.org>2024-01-25 15:35:12 +0000
commit09df4395b5071217b76dc7d3d2e630eb8c5a79c2 (patch)
tree864b15b6e6265f7053ef8c31e16a506470900cb0 /crypto/pkcs7
parent6c70934a46eaa1734c2efbe9d7baac51c607062e (diff)
Add NULL checks where ContentInfo data can be NULL
PKCS12 structures contain PKCS7 ContentInfo fields. These fields are optional and can be NULL even if the "type" is a valid value. OpenSSL was not properly accounting for this and a NULL dereference can occur causing a crash. CVE-2024-0727 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23362) (cherry picked from commit d135eeab8a5dbf72b3da5240bab9ddb7678dbd2c)
Diffstat (limited to 'crypto/pkcs7')
-rw-r--r--crypto/pkcs7/pk7_mime.c7
1 files changed, 5 insertions, 2 deletions
diff --git a/crypto/pkcs7/pk7_mime.c b/crypto/pkcs7/pk7_mime.c
index 49a0da5f81..8228315eea 100644
--- a/crypto/pkcs7/pk7_mime.c
+++ b/crypto/pkcs7/pk7_mime.c
@@ -33,10 +33,13 @@ int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags)
int ctype_nid = OBJ_obj2nid(p7->type);
const PKCS7_CTX *ctx = ossl_pkcs7_get0_ctx(p7);
- if (ctype_nid == NID_pkcs7_signed)
+ if (ctype_nid == NID_pkcs7_signed) {
+ if (p7->d.sign == NULL)
+ return 0;
mdalgs = p7->d.sign->md_algs;
- else
+ } else {
mdalgs = NULL;
+ }
flags ^= SMIME_OLDMIME;
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-01 09:28:47 +0000